On Mon, 17 Mar 2014 15:39, [email protected] said:
> So gpg's behavior seems to be non-uniform here. That said, i'd love to
> be able to tell gpg to ignore or explicitly reject signatures made by
> strong keys with MD5 digests.
There is a new option in master:
--allow-weak-digest-algos
Signatures made with the broken MD5 algorithm are normally
rejected with an ``invalid digest algorithm'' message. This
option allows the verification of signatures made with such weak
algorithms.
Right, at some time we may need to add SHA-1 here.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
