Warning message about key 97D2B6FC0D3BCB4ABC56679C11B01C94D1BE1726 #1

Open
ralphlange opened this issue Apr 3, 2016 · 2 comments
@ralphlange

Updating my Debian testing system, I start seeing messages like:

W: http://epics.nsls2.bnl.gov/debian/dists/wheezy/InRelease: Signature by key 97D2B6FC0D3BCB4ABC56679C11B01C94D1BE1726 uses weak digest algorithm (SHA1)
W: http://epics.nsls2.bnl.gov/debian/dists/wheezy/staging/InRelease: Signature by key 97D2B6FC0D3BCB4ABC56679C11B01C94D1BE1726 uses weak digest algorithm (SHA1)
@jrcoding

jrcoding commented Apr 4, 2016

Correct, seems the key has been generated with gpg option 'cert-digest-algo SHA1'.
Because in the near future apt will deny using keys which are generated with SHA1, newer apt versions now complain.
We had the same problem with our local Debian repo. The cure is to install a new key generated with the gpg option 'cert-digest-algo SHA512'.
Of course a job for the repo maintainer.

@mdavidsaver

No need to replace the key to fix this. Use gpg --edit-key D1BE1726 and update the algorithm preferences. Simplest way to do this is simply to use a more recent version of gpg, run setpref with no arguments and accept the defaults.

It might also be necessary to set cert-digest-algo or personal-digest-preferences in gpg.conf.

To verify

$ echo test > test
$ gpg -o test.sig --sign test
$ gpg -v --verify test.sig
...
gpg: binary signature, digest algorithm SHA256
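
An added example, not part of the original thread or the project's code: Python that reads the digest algorithm directly from the signature packet of an ASCII-armored signature block, which is the field that the apt warning and `gpg -v --verify` report. The function names, the `WEAK` set and the packet built by `make_sample` (constructed, not a verifiable signature) are assumptions of this example.

```python
import base64

# OpenPGP hash algorithm IDs from RFC 4880, section 9.4
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # assumption: digests this example flags


def dearmor(armored):
    """Return the raw packet bytes of an ASCII-armored signature block."""
    lines = [line.strip() for line in armored.strip().splitlines()]
    start = lines.index("-----BEGIN PGP SIGNATURE-----") + 1
    body = lines[start:lines.index("-----END PGP SIGNATURE-----")]
    if "" in body:                       # armor headers end at the blank line
        body = body[body.index("") + 1:]
    body = [line for line in body if not line.startswith("=")]  # CRC24 line
    return base64.b64decode("".join(body))


def signature_digest(data):
    """Return the digest algorithm name of the leading v4 signature packet."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                     # new-format header (no partial lengths)
        tag = first & 0x3F
        off = 2 if data[1] < 192 else 3 if data[1] < 224 else 6
    else:                                # old-format header
        tag = (first >> 2) & 0x0F
        off = 1 + (1, 2, 4, 0)[first & 0x03]
    if tag != 2:
        raise ValueError("first packet is not a signature")
    if data[off] != 4:
        raise ValueError("only version 4 signatures are handled here")
    hash_id = data[off + 3]              # version, sig type, pubkey algo, hash algo
    return HASH_ALGOS.get(hash_id, "unknown(%d)" % hash_id)


def make_sample(hash_id):
    """Constructed, non-verifiable v4 signature packet for demonstration."""
    body = bytes([4, 0x01, 1, hash_id, 0, 0, 0, 0, 0xAB, 0xCD, 0, 8, 0xFF])
    packet = bytes([0x88, len(body)]) + body   # old-format header, tag 2
    b64 = base64.b64encode(packet).decode()
    return "-----BEGIN PGP SIGNATURE-----\n\n" + b64 + "\n-----END PGP SIGNATURE-----\n"

for hid in (2, 8):                       # SHA1 and SHA256 samples
    name = signature_digest(dearmor(make_sample(hid)))
    print(name, "weak" if name in WEAK else "ok")
```

`dearmor` also accepts the full text of a clearsigned file such as an InRelease, since it looks only for the signature block.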
