Re: [Debconf-discuss] KSP: caff uses SHA-1 by default, instructions for stronger digests

[David Moreno <david@axiombox.com>]

On Aug 3, 2009, at 8:46 PM, Simon Paillard wrote:

> Hi,
>
> Following Debconf, you are certainly about to use caff and sign/sent
> keys (or you already did it).
>
> Just this mail to make the Bdale notice[0] more visible: caff uses  
> SHA1 by
> default[1], even with correctly configured gnupg as per Ana's post[2].
> That's a shame since the point of these 4k keys is to use stronger  
> digests.
>
> To fix it for future keys:
> ln -s ~/.gnupg/gpg.conf ~/.caff/gnupghome/gpg.conf
>
> To fix key XXXXXXXX signed using SHA-1 :
> gpg --homedir=/home/uid/.caff/gnupghome --secret-keyring /home/ 
> uid/.gnupg/secring.gpg
> --no-auto-check-trustdb --trust-model=always --edit-key XXXXXXXX  
> caff --no-download XXXXXXXX
>
> [0] http://www.gag.com/bdale/blog/posts/Strong_Keys.html
> [1] http://bugs.debian.org/527944
> [2] http://ekaia.org/blog/2009/05/10/creating-new-gpgkey/

Yes, also have this message in consideration when using caff, courtesy  
of dkg:

http://lists.vireo.org/pipermail/debiannyc/2009-May/000292.html