Generated OpenPGP keys use sha1 for cert-digest-algo
It is recommended that the digest used for self signing a key be SHA256 or SHA512. Currently, bitmask generates keys with SHA1 digest for the signature.
In gpg, this option is configured like so:
cert-digest-algo SHA512
I assume there is some way to pass this to python-gnupg.
This is how I checked:
sudo apt-get install hopenpgp-tools
hkt export-pubkeys '0x4C0E01CD50E2F653' | hokey lint
Key has potential validity: good
Key has fingerprint: 7503 FA06 309F EBEB 4B4A 36B5 4C0E 01CD 50E2 F653
Checking to see if key is OpenPGPv4: V4
Checking to see if key is RSA or DSA (>= 2048-bit): RSA 4096
Checking user-ID- and user-attribute-related items:
  elijah@leap.se :
    Self-sig hash algorithms: [SHA1]
    Preferred hash algorithms: [SHA256,SHA1,SHA384,SHA512,SHA224]
    Key expiration times: [1y45782s = Sat Aug 27 07:00:00 UTC 2016]
(from redmine: created on 2015-08-28)
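Added example, not part of the original report or of Bitmask's code: a small check that reads `hokey lint` text output like the one quoted above and reports user IDs whose self-signature digest is weak, so the condition can be tested automatically. The names `weak_self_sigs` and `WEAK_HASHES` are hypothetical, the weak-digest set is an assumption, and the `FIXED` sample is constructed.

```python
import re
import sys

# Assumption: digests treated as too weak for a self-signature.
WEAK_HASHES = {"MD5", "SHA1"}

ANSI_RE = re.compile(r"\x1b\[[0-9;]*m")      # terminal colour codes, if present
UID_RE = re.compile(r"^\s*(\S.*?)\s*:\s*$")  # e.g. "elijah@leap.se :"
SELFSIG_RE = re.compile(r"^\s*Self-sig hash algorithms:\s*\[([^\]]*)\]")

# Output quoted in the report above (relevant part).
REPORTED = """\
Checking to see if key is RSA or DSA (>= 2048-bit): RSA 4096
Checking user-ID- and user-attribute-related items:
  elijah@leap.se :
    Self-sig hash algorithms: [SHA1]
    Preferred hash algorithms: [SHA256,SHA1,SHA384,SHA512,SHA224]
    Key expiration times: [1y45782s = Sat Aug 27 07:00:00 UTC 2016]
"""

# Constructed sample: the same output if the self-signature used SHA512.
FIXED = REPORTED.replace("algorithms: [SHA1]", "algorithms: [SHA512]")


def weak_self_sigs(lint_text):
    """Return {user_id: [weak digest names]} found in `hokey lint` output."""
    findings, in_uids, uid = {}, False, None
    for raw in lint_text.splitlines():
        line = ANSI_RE.sub("", raw)
        if line.startswith("Checking user-ID"):
            in_uids = True          # user-ID section starts after this header
            continue
        if not in_uids:
            continue
        sig = SELFSIG_RE.match(line)
        if sig:
            algos = [a.strip().upper() for a in sig.group(1).split(",")]
            weak = [a for a in algos if a in WEAK_HASHES]
            if weak:
                findings[uid] = weak
        elif UID_RE.match(line):
            uid = UID_RE.match(line).group(1)
    return findings


if __name__ == "__main__":
    text = REPORTED if sys.stdin.isatty() else sys.stdin.read()
    found = weak_self_sigs(text)
    for user_id, algos in found.items():
        print(f"{user_id}: weak self-signature digest {', '.join(algos)}")
    sys.exit(1 if found else 0)
```

Piping the `hokey lint` output into the script gives a non-zero exit status when any self-signature uses a digest in `WEAK_HASHES`.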