Avoid recipient-compatibility SHA1
Phil Pennock
gnupg-users at spodhuis.org
Wed Nov 18 23:52:14 CET 2020
On 2020-11-17 at 22:18 -0700, Mark wrote:
> Not to ask a stupid question but how can you tell which algorithm your
> keys are using and if using SHA1 update them to a more secure one?
With GnuPG, `gpg --list-packets` shows a lot of fine detail, but unless
you're familiar with the standards it can be a bit of a slog.
If I might be forgiven for mentioning another OpenPGP tool from outside
the GnuPG suite which can help here, then Sequoia has an "sq" command
with the "inspect" sub-command. Using an old revoked key of mine to
demonstrate:
-----------------------8< inspect with sequoia >8-----------------------
$ gpg --export 0x7C34B4E14CE4F655 | sq inspect
-: OpenPGP Certificate.
Fingerprint: 1745 1D0F BB5E 88F4 0AC0 08F6 7C34 B4E1 4CE4 F655
Invalid: No binding signature at time 2020-11-18T22:41:24Z
Public-key algo: DSA (Digital Signature Algorithm)
Public-key size: 1024 bits
Creation time: 2001-08-03 17:34:53 UTC
UserID: Phil Pennock [censored email address in this list post]
Invalid: Policy rejected non-revocation signature (PositiveCertification)
because: SHA1 is not considered secure since 2013-01-01T00:00:00Z
Bad Signature: [ snip long error which doesn't matter here ]
-----------------------8< inspect with sequoia >8-----------------------
Here the lack of SHA1 support made the fingerprint invalid, and then
it's explicitly called out under the UserID.
The other thing to do is to use `gpg --edit-key $YOURKEY` and run
`showpref`; it's okay for SHA1 to be _listed_ on the Digest: line, but
you also want SHA256 listed.
Fine:
    Digest: SHA256, SHA512, RIPEMD160, SHA1
Not fine:
    Digest: RIPEMD160, SHA1
With GnuPG:
 * To fix the preferences, "setpref" in the edit-key menu.
 * To fix the self-binding:
     gpg --expert --cert-digest-algo SHA256 --sign-key $YOURKEY
There's also the problem of subkey binding signatures. That's a whole
other mess, but frankly if you have a key which is worth keeping (it has
a good web-of-trust) and you have old subkeys, just go ahead and make
new ones with a current version of GnuPG, after you've fixed the
self-binding. I _think_, but have not checked, that GnuPG will do the
right thing there.
Basically, make a subkey for encryption, and a subkey for signing, and
call it good.
-Phil
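Added example, not part of the original post and not GnuPG code: the `gpg --list-packets` route mentioned above, automated in Python. It parses a constructed listing and flags the primary key's own signatures made with SHA1 and hash preferences that lack SHA256; the sample key IDs and the function name `audit` are assumptions made for this example.

```python
import re
# Hash algorithm IDs (RFC 4880, section 9.4) as printed by --list-packets.
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
BINDING_CLASSES = {0x10, 0x11, 0x12, 0x13, 0x18}  # user ID certs, subkey binding

# Constructed sample in the layout `gpg --list-packets` prints; not a real key.
SAMPLE = """\
:public key packet:
\tkeyid: 0123456789ABCDEF
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 17, keyid 0123456789ABCDEF
\tversion 4, created 1000000000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 4f 1c
\thashed subpkt 21 len 2 (pref-hash-algos: 3 2)
:signature packet: algo 1, keyid FEDCBA9876543210
\tversion 4, created 1100000000, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest 9a 02
:public sub key packet:
\tkeyid: 1111222233334444
:signature packet: algo 17, keyid 0123456789ABCDEF
\tversion 4, created 1600000000, md5len 0, sigclass 0x18
\tdigest algo 8, begin of digest 77 e0
"""

def audit(listing):
    """Return (sigclass, problem) pairs for the primary key's own signatures."""
    primary, sig, findings = None, None, []
    for line in listing.splitlines():
        if line.startswith(":"):  # a new packet begins
            m = re.match(r":signature packet: algo \d+, keyid (\w+)", line)
            sig = {"issuer": m.group(1)} if m else None
        elif sig is None:  # inside a key packet: first keyid seen is the primary
            m = re.match(r"\s+keyid: (\w+)", line)
            primary = primary or (m and m.group(1))
        elif sig["issuer"] == primary:  # third-party signatures are skipped
            if m := re.search(r"sigclass 0x([0-9a-f]+)", line):
                sig["cls"] = int(m.group(1), 16)
            if re.search(r"digest algo 2,", line) and sig.get("cls") in BINDING_CLASSES:
                findings.append((sig["cls"], "signed with SHA1"))
            if m := re.search(r"pref-hash-algos: ([\d ]+)", line):
                prefs = [int(n) for n in m.group(1).split()]
                if 8 not in prefs:  # the post's rule: SHA256 must be listed
                    names = ", ".join(HASHES.get(n, str(n)) for n in prefs)
                    findings.append((sig.get("cls"), "no SHA256 in preferences: " + names))
    return findings

if __name__ == "__main__":
    for cls, problem in audit(SAMPLE):
        print(f"sigclass 0x{cls:02x}: {problem}")
```

For a real key, pass `audit` the text produced by `gpg --export $YOURKEY | gpg --list-packets`. Superseded self-signatures may still be present in an export, so check the `created` value of anything flagged before acting on it.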