Properly dealing with key material, passphrases and the web-of-trust is outside of the scope of this document. The GnuPG website\footnote{\url{http://www.gnupg.org/}} has a good tutorial on PGP.
+This \href{https://www.debian-administration.org/users/dkg/weblog/48}{Debian Howto} is a great resource on upgrading your old PGP key as well as on safe default settings. This section is built based on the Debian Howto.
+
\subsubsection{Hashing}
Avoid SHA-1 in GnuPG. Edit \$HOME/.gnupg/gpg.conf:
\begin{lstlisting}[breaklines]
-# according to: https://www.debian-administration.org/users/dkg/weblog/48
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
git.bettercrypto.org / ach-master.git / commitdiff