Daniel Kahn Gillmor dkg at
Wed Mar 18 00:28:47 CET 2015

On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote:
> Do you mean signatures in general, or key signatures (certifications)? 
> For key signatures, SHA-1 is still the default for RSA keys

Is this correct?  I think we should be defaulting to SHA-256 for RSA
certifications these days.

If we want to cater to users who really want their certifications to
have compatibility with buggy 10-year-old clients that don't have
SHA-256, we should make it easy for them to make a SHA-1 certification
with a 1-second-earlier timestamp.

> but signatures on (EC)DSA keys will use up to SHA-512 depending on the
> key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512
> key).

I think you mean signatures *by* (EC)DSA keys, not *on* (EC)DSA keys,


More information about the Gnupg-users mailing list