Avoid recipient-compatibility SHA1

Phil Pennock gnupg-users at spodhuis.org
Thu Nov 19 00:09:39 CET 2020


On 2020-11-17 at 22:18 -0700, Mark wrote:
> Not to ask a stupid question but how can you tell which algorithm your
> keys are using and if using SHA1 update them to a more secure one?

I have a better answer than my previous one, because the very next
mailing-list I read has a post today from the Sequoia devs where they've
written a tool to report this stuff, and even to automatically generate
current bindings, if you trust your private key to their code.

  <https://gitlab.com/sequoia-pgp/keyring-linter>

Looks to do much of what I recommended; I haven't read the code and
don't know if the current version will also fix preference lists.

(I look forward to this sort of functionality being part of GnuPG
natively, as part of key lifecycle maintenance for long-lived keys.)

-Phil


