Evolution vs sha256, or why my new key is useless

Filed under

There’s again a bit of cryptographic related panicing going on at the moment. This time it’s not a bug in the Debian version of OpenSSL, but another attack on SHA-1 that appears to break it a bit worse than before. So now everybody is generating new gpg keys to move away from SHA-1 hashes.

There’s one problem though: even when you generate a new gpg key that supports better hashing, your applications will still need to support the better hashing for it to be effective.

Given that gnupg is pretty unusable as a library, making everyone create library-ish wrappers around its command-line interface, it is very easy to get this wrong.

rest here