On Tue, Feb 11, 2014 at 09:10:32AM +0100, Per Tunedal <per.tune...@operamail.com> wrote a message of 17 lines which said:
> When SHA-1 falls, GnuPG will otherwise be completely broken as
> internal key signatures, as well as signatures of public keys from
> others and the fingerprint rely on SHA-1 hashes.

Aren't these three different cases?

For the fingerprint, it is in RFC 4880 (section 12.2) and GnuPG cannot change it unilaterally or it would stop being OpenPGP-compliant.

For the signatures of public keys from others, you can already put:

cert-digest-algo SHA256

in your gpg.conf. I don't know why it's not the default but there is certainly a good reason in the archives mentioned by Peter Lebbing. In the meantime, you can always migrate yourself.