On Tue, Jan 03, 2006 at 04:32:27PM -0800, [EMAIL PROTECTED] wrote:
> i have two keys that i use extensively for e-mailing
>
> one is a v4 rsa key (my default key), and the other is a v3 rsa key
> (for those correspondents who insist on or prefer the old key)
>
> both were signed with md5 when they were generated years ago
>
> when i try to sign them now, gnupg (1.4.2) prompts me to sign with
> a dh/dsa test key that is in my keyring, instead of with my default
> key
>
> (i tried using updpref sha256 first, which was accepted,
> but still couldn't sign a key with my default key)
>
> is there any way i can self-sign them with a sha256 sig,
> or sign them with my default key with a sha256 sig
>
> (if not, can this be a feature request?
>
> as signature hashing algorithms become less trusted,
> but while the key itself is still trusted,
> wouldn't it make more sense to be able to update the self-sig
> rather than have to generate a new key? )

Yes, but note that it's still possible for someone to get the old
self-sig from a keyserver.  Anyway, do this:

  gpg --expert --cert-digest-algo (thehash) -u (thekeyid) --sign-key (thekeyid)

GPG will warn you that the key is already signed, but give you the
option to sign anyway.  Remember that if you pick a hash algorithm
that your correspondents don't have, the key will become unusable to
them.

Despite the recent attacks, I'd use SHA-1.  Why did you self-sign a v4
RSA key with MD5 anyway?

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
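
Added example, not part of the original thread: since the old self-sig stays on the key alongside any new one, it is worth checking after re-signing which digest algorithms the key's own certifications carry. The shell functions below parse `gpg --list-packets` text for that; the function names are hypothetical and the sample packet listing and key IDs are constructed.

```shell
# Constructed sample of `gpg --list-packets` output (key IDs and values are made up).
sample_packets() {
cat <<'EOF'
:public key packet:
	version 4, algo 1, created 946684800, expires 0
:user ID packet: "Example User <user@example.org>"
:signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 946684800, md5len 0, sigclass 0x13
	digest algo 1, begin of digest 3c 7e
:signature packet: algo 17, keyid FEDCBA9876543210
	version 4, created 1100000000, md5len 0, sigclass 0x10
	digest algo 2, begin of digest 9a 01
:signature packet: algo 1, keyid 0123456789ABCDEF
	version 4, created 1136400000, md5len 0, sigclass 0x13
	digest algo 8, begin of digest 51 d2
EOF
}

# Print "<created> <digest-id> <digest-name>" for every certification
# (sigclass 0x10-0x13) issued by key ID $1; packet listing is read from stdin.
selfsig_digests() {
    awk -v want="$1" '
    BEGIN {
        # OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
        name[1] = "MD5"; name[2] = "SHA1"; name[3] = "RIPEMD160"
        name[8] = "SHA256"; name[9] = "SHA384"; name[10] = "SHA512"
        name[11] = "SHA224"
        want = toupper(want)
    }
    # A new signature packet: remember whether the issuer is our key.
    /^:signature packet:/ { mine = (toupper($NF) == want); cert = 0; next }
    # Any other packet header ends the current signature.
    /^:/ { mine = 0; next }
    mine && /sigclass 0x1[0-3]/ { cert = 1; created = $4; sub(/,/, "", created); next }
    mine && cert && /digest algo/ {
        id = $3; sub(/,/, "", id)
        print created, id, ((id in name) ? name[id] : "unknown")
    }'
}

# Number of MD5-hashed certifications that key ID $1 has issued in the listing.
md5_selfsig_count() {
    selfsig_digests "$1" | awk '$2 == 1 { n++ } END { print n + 0 }'
}

# Real use: gpg --export KEYID | gpg --list-packets | selfsig_digests LONGKEYID
sample_packets | selfsig_digests 0123456789ABCDEF
```

A non-zero `md5_selfsig_count` after re-signing is expected: the new signature is added next to the old one, it does not replace it.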