Best Practices
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Dec 12 16:23:19 CET 2010
On 12/11/2010 11:24 AM, Robert J. Hansen wrote:
> A certificate is just a block of key material plus some associated data.
> SHA-1 is used internally by the certificate to sign some parts of the
> data
Really? i've got several certifications over my key's user IDs that i'm
pretty sure don't use SHA1 at all.
i note that gpg seems incapable of certifying subkeys using anything
other than SHA1, but that doesn't seem required by the standard.
What part of OpenPGP certificates require SHA-1?
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101212/cc1e0a11/attachment.pgp>
More information about the Gnupg-users
mailing list