I am trying to clean all my existing keys and identities from signatures based on SHA1 and replace them with signatures based on SHA512, without having to create new (sub) keys, as they are still in use somewhere else.
Found this helpful article (in German) which helped me a lot, I was able to force gpg to update the self-signatures of my identity and my subkeys based on SHA512, all fine.
But: There is one stubborn “embedded signature” of type “Primary Key Binding Signature(0x19)” inside one of my (properly updated) “Subkey Binding Signature(0x18)” which refuses to be updated. Whatever I tried for hours and hours, after googling half of the internet, it stays on “Hash alg - SHA1(hash 2)”, and its creation timestamp does not move.
Here is an anonymized, annotated gpgdump of my problematic key:
bernd@arch:~ (0) $ gpg --export ************ | pgpdump
gpg: Note: signatures using the SHA1 algorithm are rejected
Old: Public Key Packet(tag 6)(525 bytes)
Ver 4 - new
Public key creation time - Sun Sep 25 11:01:21 CEST 2016
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(4096 bits) - ...
RSA e(17 bits) - ...
Old: User ID Packet(tag 13)(51 bytes)
User ID - Bernd <my_email@some_domain.com>
Old: Signature Packet(tag 2)(595 bytes)
Ver 4 - new
Sig type - Positive certification of a User ID and Public Key packet(0x13).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - a1 5d ** ** ** ** ** ** ** **
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Sat Apr 20 15:32:57 CEST 2024
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to certify other keys
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Mon Apr 20 12:10:08 CEST 2026
Hashed Sub: preferred symmetric algorithms(sub 11)(3 bytes)
Sym alg - AES with 256-bit key(sym 9)
Sym alg - Twofish with 256-bit key(sym 10)
Sym alg - Blowfish(sym 4)
Hashed Sub: preferred hash algorithms(sub 21)(4 bytes)
Hash alg - SHA512(hash 10)
Hash alg - SHA384(hash 9)
Hash alg - SHA256(hash 8)
Hash alg - RIPEMD160(hash 3)
Hashed Sub: preferred compression algorithms(sub 22)(4 bytes)
Comp alg - ZLIB <RFC1950>(comp 2)
Comp alg - BZip2(comp 3)
Comp alg - ZIP <RFC1951>(comp 1)
Comp alg - Uncompressed(comp 0)
Hashed Sub: features(sub 30)(1 bytes)
Flag - Modification detection (packets 18 and 19)
Hashed Sub: key server preferences(sub 23)(1 bytes)
Flag - No-modify
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x****************
Hash left 2 bytes - 3e 68
RSA m^d mod n(4094 bits) - ...
-> PKCS-1
Old: Public Subkey Packet(tag 14)(525 bytes)
Ver 4 - new
Public key creation time - Sun Sep 25 11:01:21 CEST 2016
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(4096 bits) - ...
RSA e(17 bits) - ...
Old: Signature Packet(tag 2)(572 bytes)
Ver 4 - new
Sig type - Subkey Binding Signature(0x18).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA512(hash 10)
Hashed Sub: key flags(sub 27)(1 bytes)
Flag - This key may be used to encrypt communications
Flag - This key may be used to encrypt storage
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - a1 5d ** ** ** ** ** **
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Sat Apr 20 15:39:53 CEST 2024
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Mon Apr 20 15:39:53 CEST 2026
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x****************
Hash left 2 bytes - 6e 76
RSA m^d mod n(4095 bits) - ...
-> PKCS-1
Old: Public Subkey Packet(tag 14)(525 bytes)
Ver 4 - new
Public key creation time - Sun Sep 25 17:29:13 CEST 2016
Pub alg - RSA Encrypt or Sign(pub 1)
RSA n(4096 bits) - ...
RSA e(17 bits) - ...
Old: Signature Packet(tag 2)(1116 bytes)
Ver 4 - new
Sig type - Subkey Binding Signature(0x18).
Pub alg - RSA Encrypt or Sign(pub 1)
a) --> Hash alg - SHA512(hash 10)
Hashed Sub: key flags(sub 27)(2 bytes)
Flag - This key may be used to encrypt communications
Flag - This key may be used to encrypt storage
Hashed Sub: issuer fingerprint(sub 33)(21 bytes)
v4 - Fingerprint - a1 5d ** ** ** ** ** **
Hashed Sub: signature creation time(sub 2)(4 bytes)
b) --> Time - Sat Apr 20 15:52:17 CEST 2024
Hashed Sub: key expiration time(sub 9)(4 bytes)
Time - Sun Apr 21 15:52:17 CEST 2024
Sub: embedded signature(sub 32)(540 bytes)
Ver 4 - new
Sig type - Primary Key Binding Signature(0x19).
Pub alg - RSA Encrypt or Sign(pub 1)
c) --> Hash alg - SHA1(hash 2)
Hashed Sub: signature creation time(sub 2)(4 bytes)
d) --> Time - Sun Sep 25 17:29:13 CEST 2016
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x****************
Hash left 2 bytes - 24 78
RSA m^d mod n(4095 bits) - ...
-> PKCS-1
Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x****************
Hash left 2 bytes - 7f 67
RSA m^d mod n(4094 bits) - ...
-> PKCS-1
a) “Parent” subkey binding signature 0x18 was updated properly to SHA512
b) … just now a few minutes ago
c) But the embedded primary key binding signature 0x19 is still on SHA1,
d) … and it was obviously not updated, it is still the same one from years ago.
How can I get rid of that embedded primary key binding signature (in order to force gpg to update it), or update it right away?