SHA1 depreciation ??

Johan Wevers johanw at
Sun Aug 13 16:37:00 CEST 2017

On 28-06-2017 19:35, Joshua Hudson wrote:

> I found out it's really hard to make a key that doesn't say "Digest: ... SHA1" in its attributes.

Probably because RFC-4880 states that "Implementations MUST implement
DSA for signatures", and DSA used to be SHA1 ony. I'm not sure if SHA2
can already be used, and even less sure if implementations without SHA1
are comforming to the standard.

ir. J.C.A. Wevers
PGP/GPG public keys at

More information about the Gnupg-users mailing list