-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi all.
I've been reading some "best practises" documents, and it was suggested that I not use SHA-1 as my self-signature digest algorithm: https://we.riseup.net/debian/openpgp-best-practices#self-signatures-must-not-use-sha1 This says, "To fix this, you will need to regenerate a key after setting the following in your ~/.gnupg/gpg.conf" and then tells me to set something beefier. What I cannot figure out is how to remove my signature from my key and re-sign it with the new digest algorithm. I delete my signature, or at least I think I do, and it lets me sign my key again, but when I check using their suggested pipeline: gpg --export-options export-minimal --export <keyid> | gpg --list-packets | grep 'pref-hash-algos' ...I see algorithm 2 still there. My understanding is that I have a key pair, and I sign it by unlocking the secret half, and the signature is distinct from the key pair, so I should be able to generate a new signature with a different digest algorithm. But clearly that's not happening, so either my method is wrong or my under- standing of something is wrong, and I'd be grateful for help either way. I created a new key, and the new key seems to have done the right thing, but it really seems as thought I'd ought to have been able to convert my old key's signature. Thanks in advance for clues! - -- Mason Loring Bliss <---------> [email protected] Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJRedSoAAoJEJ6yV3B27yVVsMgQAMipIix9PAXP+GkLhRo8+8Gf 7w8G6vX5rflB1HWpCs7CFMkn2hXtocnWTmFyInHZDwrcVk+j4UKu+JXHD2XMIURZ L8qekUGLj6IA0GZORfjZErGG6p5R5iFKET3qTqzMoshox4C+uu2zv3WU+Cd1okZr 3E4XEQ3OXbgAUJBJZiL+eXOQxRUX6RNTKxIk7YMqrxPtjLYkpA/8ayLa7qOq4w9m JAjARQybz9EBlA8k4hYX4978XXloQuR/oyB52bT+3pgeVfu+kuvaGXcow4uV4qTv Nv7rD7jhxHxlFov8VRKPJ+PuiybTqGhT+8RfAj/ZriDXFOnLNonYKU6TqTGTVjWC DDRQwDUr4mvRKjoaTBT31NXqLbJ+jsSMR/ujaChnOuu6KW0vQpOXo5cHshVfR3YA GV+am0yLt7Twh7RNnk/aLIH2D8OKp07rk4azZRR36Ksnq/fvHwV19h4BYAI1iN6i xXlRJvMjOgsLPjYo5rtsgAAFesX/eR1fhAuYvtVAqD/UdOj+xHVU8T06wut4i5+S GbjZsRKsB92smONhqxWB0YBxqjXQ+9XCzSVtnl4xFLSsVl/YT3y/wd5t9ofgLTyg P1LspDY14CxTa6EYPozrm4113IMplhXyKiCMm5SADkJ5o46IGaK/pN6stnuwQwZ5 fZjnEzYR6wT7f+Pyiz5g =ScVO -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
