howto secure older keys after the recent attacks

David Shaw dshaw at
Fri Sep 11 04:52:39 CEST 2009

On Sep 10, 2009, at 5:44 PM, Philippe Cerfon wrote:

> On Thu, Sep 10, 2009 at 10:21 PM, Robert J. Hansen <rjh at 
> > wrote:
>> I understood him to mean the "key ID" as the fingerprint of the
>> certificate's primary signing key, rather than checking each bit of  
>> the
>> certificate's primary signing key individually.
> I meant the fingerprint, yes.
> But now that you say it. Would it be "better" to not just check other
> keys via their fingerprint, but to really copy them (e.g. per
> USB-stick) from their owners and sign only such direct copies?

I suspect you are more in danger of being hit by meteors several times  
in a row as you walk to your friend's house with the USB stick, than  
you are in danger from SHA-1.



More information about the Gnupg-users mailing list