Best Practices

Daniel Kahn Gillmor dkg at
Sun Dec 12 16:23:19 CET 2010

On 12/11/2010 11:24 AM, Robert J. Hansen wrote:

> A certificate is just a block of key material plus some associated data.
>  SHA-1 is used internally by the certificate to sign some parts of the
> data

Really?  i've got several certifications over my key's user IDs that i'm
pretty sure don't use SHA1 at all.

i note that gpg seems incapable of certifying subkeys using anything
other than SHA1, but that doesn't seem required by the standard.

What part of OpenPGP certificates require SHA-1?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101212/cc1e0a11/attachment.pgp>

More information about the Gnupg-users mailing list