Confusion with signature digest type.
Mason Loring Bliss
mason at blisses.org
Fri Apr 26 03:13:12 CEST 2013
-----BEGIN PGP SIGNED MESSAGE-----
I've been reading some "best practises" documents, and it was suggested that
I not use SHA-1 as my self-signature digest algorithm:
This says, "To fix this, you will need to regenerate a key after setting the
following in your ~/.gnupg/gpg.conf" and then tells me to set something
What I cannot figure out is how to remove my signature from my key and
re-sign it with the new digest algorithm. I delete my signature, or at least
I think I do, and it lets me sign my key again, but when I check using their
gpg --export-options export-minimal --export <keyid> | gpg --list-packets | grep 'pref-hash-algos'
...I see algorithm 2 still there.
My understanding is that I have a key pair, and I sign it by unlocking the
secret half, and the signature is distinct from the key pair, so I should be
able to generate a new signature with a different digest algorithm. But
clearly that's not happening, so either my method is wrong or my
understanding of something is wrong, and I'd be grateful for help either way.
I created a new key, and the new key seems to have done the right thing, but
it really seems as though I'd ought to have been able to convert my old
Thanks in advance for clues!
Mason Loring Bliss <---------> mason at blisses.org
Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
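The check quoted in the message greps only the pref-hash-algos subpacket, while the same packet dump also carries a `digest algo` line for each signature packet. The following is an added example, not part of the original message, that reads both fields per signature; the sample dump is constructed, and the GnuPG 1.4-style text layout and all function names are assumptions of this example.

```python
import re

# OpenPGP hash algorithm IDs from RFC 4880, section 9.4.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160",
              8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Constructed sample in the GnuPG 1.4-style --list-packets layout (not a real key).
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1366938792, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1366938792, md5len 0, sigclass 0x13
\tdigest algo 8, begin of digest 5a 3c
\thashed subpkt 21 len 5 (pref-hash-algos: 8 9 10 11 2)
:public sub key packet:
:signature packet: algo 1, keyid 0123456789ABCDEF
\tversion 4, created 1366938792, md5len 0, sigclass 0x18
\tdigest algo 2, begin of digest 9f 01
"""

def parse_signatures(dump):
    """Return one dict per signature packet found in the dump text."""
    sigs, cur = [], None
    for line in dump.splitlines():
        if line.startswith(":"):  # a new packet header ends the previous one
            m = re.match(r":signature packet: algo \d+, keyid ([0-9A-Fa-f]+)", line)
            cur = {"keyid": m.group(1), "sigclass": None, "digest": None, "prefs": []} if m else None
            if cur:
                sigs.append(cur)
        elif cur is None:
            continue
        elif m := re.search(r"sigclass (0x[0-9a-fA-F]+)", line):
            cur["sigclass"] = int(m.group(1), 16)
        elif m := re.search(r"digest algo (\d+)", line):
            cur["digest"] = int(m.group(1))   # hash used to make this signature
        elif m := re.search(r"pref-hash-algos: ([\d ]+)", line):
            cur["prefs"] = [int(n) for n in m.group(1).split()]  # advertised preferences
    return sigs

def user_id_certifications(dump):
    """Signatures over a user ID (sigclass 0x10-0x13); in an export-minimal
    dump these are the self-signatures."""
    return [s for s in parse_signatures(dump) if s["sigclass"] in range(0x10, 0x14)]

def describe(sig):
    name = lambda n: HASH_NAMES.get(n, f"unknown({n})")
    return (f"signed with {name(sig['digest'])}; "
            f"prefers {', '.join(name(n) for n in sig['prefs'])}")
```

To run it on a real key, pass the text produced by the export and `--list-packets` pipeline quoted in the message to `user_id_certifications` and call `describe` on each result.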