howto secure older keys after the recent attacks

Robert J. Hansen rjh at
Fri Sep 11 01:18:42 CEST 2009

Philippe Cerfon wrote:
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?


Sharing media is a great way to spread malware.  Don't do that to your
friends.  Use the keyserver network.

SHA-1 is in trouble, but it's not dead yet, and regular users should not
be worried about it.

More information about the Gnupg-users mailing list