On Wed, 8 Jan 2020 21:37, Andrew Gallagher said:
> Have you tried changing the subkey expiry? Or does that reuse the same hash?
That is what I would also suggest. The expire sub-command is useful for
all such things. It should always use the current default digest
algorithms.
Regarding the SH
> On 8 Jan 2020, at 20:05, Phil Pennock via Gnupg-users
> wrote:
>
> How do I re-sign the subkey binding for a [S] signing subkey, to keep
> the same key but make the association from the main key be with SHA256
> please?
Have you tried changing the subkey expiry? Or does that reuse the same
So, this SHA-1 mess is "fun".
To get a fresh self-sig user ID signature on the main key, I can do
this:
gpg --expert --cert-digest-algo SHA256 --sign-key ${KEYID:?}
The `--expert` overrides the "already signed" safety check, letting you
confirm that yes you really want this. Alas, it seems th