Conversation:
Notices
-
Checked my prefs in GnuPG with "gpg --edit-key bjonkman" then "showprefs"; SHA1 was the only digest algorithm listed. Issued command "setpref" to set all algorithms to default, but SHA1 was listed first. Issued command "setpref CAST5 3DES IDEA AES256 AES192 AES SHA256 SHA384 SHA512 SHA224 ZLIB BZIP2 ZIP Uncompressed MDC" to remove SHA1, but GnuPG added it back, now listed last. !crypto https://www.schneier.com/blog/archives/2013/11/microsoft_retir.html
-
try this from 2009. http://www.debian-administration.org/users/dkg/weblog/48
-
@boneidol Thanx! I've done mostly that, except for the descending order of SHA strength (/me fixes that now). And since my key is DSA, I guess I should generate a new keypair. If I don't revoke the old key, but expire it so that its Web of Trust stays intact, does that weaken the WoT? !crypto
-
The Debian administration article mentions a phased transition to a new key over 3 months. Getting your new key signed by the old one. Attending key signings to get it integrated into the WoT, and contacting people who's keys you've signed to check they are still in control of their keys so you can recertify them with your new key.
Former Bob Jonkman -- Please use the new server at https://gs.jonkman.ca
kat
All Hacker Poesy content and data are available under the