Hi, GnuPG, as OpenPGP compliant, relies heavily on the near broken hash algorithm SHA-1. Is there any work in progress to move to a more secure hash algorithm? When SHA-1 falls, GnuPG will otherwise be completely broken as internal key signatures, as well signatures of public keys from others and the fingerprint rely on SHA-1 hashes. Yours, Per Tunedal