Avoid recipient-compatibility SHA1
Phil Pennock
gnupg-users at spodhuis.org
Thu Nov 19 00:09:39 CET 2020

On 2020-11-17 at 22:18 -0700, Mark wrote:
> Not to ask a stupid question but how can you tell which algorithm your
> keys are using and if using SHA1 update them to a more secure one?

I have a better answer than my previous one, because the very next
mailing-list I read has a post today from the Sequoia devs where they've
written a tool to report this stuff, and even to automatically generate
current bindings, if you trust your private key to their code.

<https://gitlab.com/sequoia-pgp/keyring-linter>

Looks to do much of what I recommended; I haven't read the code and
don't know if the current version will also fix preference lists.

(I look forward to this sort of functionality being part of GnuPG
natively, as part of key lifecycle maintenance for long-lived keys.)

-Phil