Robert J. Hansen
rjh at sixdemonbag.org
Sat Dec 11 17:24:46 CET 2010
On 12/10/2010 9:16 PM, David Tomaschik wrote:
> Are there any disadvantages to distinct signature & encryption keys?

None that I've found.

> Is the weakness in the hash used to sign the key internally, or just when
> it is used to sign data? I guess that's the part that eludes me.

Err -- "yes."

A certificate is just a block of key material plus some associated data.
SHA-1 is used internally by the certificate to sign some parts of the
data, as well as for computing a key fingerprint. You can to some
extent mitigate how much SHA-1 gets used, but you can't remove it

You can also choose to use SHA-1 to sign messages and files. Here, you
can remove it completely in favor of some other hash algorithm.
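
Added example, not part of the original message and not GnuPG's own code: a small Python walker over binary OpenPGP packets (RFC 4880 framing) that reports which digest algorithm each v4 signature packet uses and whether the signature is internal to the certificate or made over data. The function names are hypothetical and the sample bytes are constructed stubs that carry only the signature header fields.

```python
# Added example (not from the original post): digest algorithm per v4 signature packet.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
CERT_SIG_TYPES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x19, 0x1F}  # key/user ID bindings
DATA_SIG_TYPES = {0x00, 0x01}                                # binary/text documents

def packets(data):
    """Yield (tag, body) per packet; partial body lengths are rejected."""
    i = 0
    while i < len(data):
        first, i = data[i], i + 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                          # new-format header
            tag, n, i = first & 0x3F, data[i], i + 1
            if 192 <= n < 224:                    # two-octet length
                n, i = ((n - 192) << 8) + data[i] + 192, i + 1
            elif n == 255:                        # five-octet length
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            elif n >= 224:
                raise ValueError("partial body lengths not handled")
        else:                                     # old-format header
            tag, width = (first >> 2) & 0x0F, 1 << (first & 0x03)
            if width == 8:                        # length type 3: runs to end of input
                n = len(data) - i
            else:
                n, i = int.from_bytes(data[i:i + width], "big"), i + width
        if i + n > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + n]
        i += n

def signature_digests(data):
    """Return [(role, digest_name)] for every v4 signature packet (tag 2)."""
    out = []
    for tag, body in packets(data):
        if tag == 2 and len(body) >= 4 and body[0] == 4:
            sig_type, algo = body[1], body[3]
            role = ("certificate" if sig_type in CERT_SIG_TYPES
                    else "data" if sig_type in DATA_SIG_TYPES else "other")
            out.append((role, HASH_NAMES.get(algo, f"unknown({algo})")))
    return out

def _stub_sig(sig_type, hash_id):
    """Constructed sample: v4 signature header fields only, no key material."""
    body = bytes([4, sig_type, 1, hash_id, 0, 0, 0, 0, 0, 0])
    return bytes([0xC2, len(body)]) + body

SAMPLE = _stub_sig(0x13, 2) + _stub_sig(0x00, 8)  # SHA-1 self-sig, SHA-256 data sig
```

Run over the binary output of `gpg --export`, the "certificate" rows show where a key's self-signatures still use SHA-1; the "data" rows correspond to the message and file signatures for which the digest can be chosen freely.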