On 12/10/2010 9:16 PM, David Tomaschik wrote: > Are there any disadvantages to distinct signature & encryption keys?
None that I've found. > Is the weakness in the hash used to sign the key internally, or just when > it is used to sign data? I guess that's the part that eludes me. Err -- "yes." A certificate is just a block of key material plus some associated data. SHA-1 is used internally by the certificate to sign some parts of the data, as well as for computing a key fingerprint. You can to some extent mitigate how much SHA-1 gets used, but you can't remove it completely. You can also choose to use SHA-1 to sign messages and files. Here, you can remove it completely in favor of some other hash algorithm.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
