On Tue 2015-03-17 18:53:42 -0400, Damien Goutte-Gattat wrote: > Do you mean signatures in general, or key signatures (certifications)? > For key signatures, SHA-1 is still the default for RSA keys
Is this correct? I think we should be defaulting to SHA-256 for RSA certifications these days. If we want to cater to users who really want their certifications to have compatibility with buggy 10-year-old clients that don't have SHA-256, we should make it easy for them to make a SHA-1 certification with a 1-second-earlier timestamp. > but signatures on (EC)DSA keys will use up to SHA-512 depending on the > key size (SHA-256 for a Brainpool-256 key, SHA-512 for a BrainpoolP512 > key). I think you mean signatures *by* (EC)DSA keys, not *on* (EC)DSA keys, right? --dkg _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users