sha-1

David Shaw dshaw at jabberwocky.com
Wed Feb 16 16:33:30 CET 2005


On Wed, Feb 16, 2005 at 07:22:25AM -0800, vedaal at hush.com wrote:
> if sha-1 does turn out to be as weak/broken as md-5,
> 
> then,
> would it be possible for the owner of a key 
> to somehow amend an already existing keypair,
> 
> to change or add to the self-signature 
> with a different trusted hash algorithm ?

For user IDs, that's easy and you can do that now.  Just delete your
self-sig and re-sign the UID.  For subkey self-signatures, you can
theoretically do it, but it's probably not worth it.  Just revoke the
old subkey and make a new one with whatever hash algorithm you like.

Be careful though - remember that not all OpenPGP implementations
support all hashes.  You can easily make your key unusable by some
people.  The nice thing about SHA-1 is that it is required by the
protocol so it always works.

David



More information about the Gnupg-users mailing list