Avoid recipient-compatibility SHA1

Phil Pennock gnupg-users at spodhuis.org
Fri Oct 30 05:10:54 CET 2020


Folks,

Normally everything I do with GnuPG is using SHA256 digests, and I
normally keep "weak-digest SHA1" in my gpg.conf file.

I just sent a message to N recipients, and I think one of them probably
has some preference algorithm in their key details, because this one
mail was signed using SHA1, not my defaults.

Is there any way to say "ignore weak digests when trying to find a
compatible hash algorithm" please?

I accept that such a mode might make the message unreadable for that
recipient.  That's fine.  I'd rather create pressure for people to fix
their systems to use modern cryptography than cater to their brokenness
with sensitive messages.

Thanks,
-Phil


