KB Article #178853

How to generate a SHA2 PGP Key pair

Problem

B2Bi generates a SHA1 PGP key pair by default (the key's self-signatures and advertised hash preferences use SHA1), and some partner applications have started to reject PGP keys that are not SHA256 based.

Resolution

A SHA2 based PGP key pair can be generated on a Linux OS using the "gpg" utility (GnuPG) and then imported into B2Bi.

- Run "gpg --version" to confirm the utility is available and note the version (GnuPG 2.1 and later prompt for the passphrase through pinentry when the secret key is exported).

- The "gpg.conf" file found in "/home/<user>/.gnupg/" (create it if it does not exist) needs to be edited and the following two lines added. "personal-digest-preferences" sets the hash algorithms advertised in the new key's preferences and "cert-digest-algo" sets the hash used for its self-signatures, which is the value partner applications check:

personal-digest-preferences SHA256
cert-digest-algo SHA256

Save changes to "gpg.conf".

- Now, generate a key pair using the "gpg --gen-key" command and follow the prompts (choose RSA; the example below uses RSA 2048).

- Once generated, output similar to the following is shown ("2048R" means RSA 2048; the user ID and key IDs here are sample values):

gpg: key 7F359C9D marked as ultimately trusted
public and secret key created and signed.
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 4 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 4u
gpg: next trustdb check due at 2022-09-11
pub 2048R/7F359C9D 2017-09-19 [expires: 2022-09-18]
Key fingerprint = E0AA 8F26 A337 0EE8 E916 3BE8 9B69 D7C2 7F35 9C9D
uid Anvesh2 (anvesh3) <a@b.com>
sub 2048R/195A5F07 2017-09-19 [expires: 2022-09-18]


- Note down the key ID, the eight-character value (7F359C9D in this case), and the rest of the key details. The key ID is only the last eight hex digits of the fingerprint and can collide between different keys, so record the full fingerprint as well and prefer it over the short ID when exporting.

- Now, run the following command to export the public key with armor in ".asc" format:

$ gpg --export --armor [key ID] > filename.asc


- Verify the "digest algo" of the key's self-signature to confirm SHA1 or SHA2. The number is the OpenPGP hash algorithm ID: 1 means MD5, 2 means SHA1, 8 means SHA256 (9 is SHA384 and 10 is SHA512). Run the following command and look for "digest algo" in the signature packet that follows the user ID ("gpg --list-packets filename.asc" prints the same packet dump without the extra debug output):

$ gpg -vv filename.asc

- Once verified that it is a SHA2 key, run the following command to export the secret key (private key) with armor in ".asc" format. GnuPG prompts for the key's passphrase; keep the resulting file readable only by you and delete it once it has been imported:

$ gpg --export-secret-keys -a keyid > my_private_key.asc


You can import this secret key into B2Bi under the "Community > Certificates > PGP certificates" tab and export the public key to provide to your partner.
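The procedure above scripted end to end, as an added example that is not part of the KB article or Axway's own tooling. It assumes GnuPG 2.1 or later on the PATH (needed for "--pinentry-mode loopback" and the batch "--gen-key" parameter syntax used here); the name, e-mail address, PASSPHRASE variable and output file names are placeholders, and the "gpg --list-packets" sample text at the bottom is constructed to exercise the digest check without invoking gpg.

```shell
#!/bin/sh
# Added example (not from the KB article): scripts the SHA2 key procedure end to end.
# Assumes GnuPG 2.1+ on PATH; names, e-mail, passphrase and file names are placeholders.
set -eu

GNUPGHOME="${GNUPGHOME:-${HOME:-/tmp}/.gnupg}"; export GNUPGHOME
KEY_NAME="${KEY_NAME:-Example Partner}"          # assumed placeholder
KEY_EMAIL="${KEY_EMAIL:-partner@example.com}"    # assumed placeholder
PASSPHRASE="${PASSPHRASE:-}"                     # supplied via the environment

# OpenPGP hash algorithm IDs (RFC 4880 section 9.4), as shown by "digest algo N".
hash_name() {
    case "$1" in
        1) echo MD5 ;;    2) echo SHA1 ;;    8) echo SHA256 ;;
        9) echo SHA384 ;; 10) echo SHA512 ;; *) echo "unknown($1)" ;;
    esac
}

# Step 1: add the two settings from the article to gpg.conf if they are missing.
configure_sha256() {
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME"
    for opt in "personal-digest-preferences SHA256" "cert-digest-algo SHA256"; do
        grep -qxF "$opt" "$GNUPGHOME/gpg.conf" 2>/dev/null ||
            echo "$opt" >> "$GNUPGHOME/gpg.conf"
    done
}

# Step 2: unattended equivalent of "gpg --gen-key" and its prompts. Prints the
# full fingerprint taken from the KEY_CREATED status line (short key IDs collide).
generate_key() {
    gpg --batch --status-fd 1 --gen-key <<EOF | awk '$2 == "KEY_CREATED" { print $4 }'
Key-Type: RSA
Key-Length: 3072
Subkey-Type: RSA
Subkey-Length: 3072
Name-Real: $KEY_NAME
Name-Email: $KEY_EMAIL
Expire-Date: 2y
Passphrase: $PASSPHRASE
%commit
EOF
}

# Step 3: export the public key, ASCII-armored.  $1 = fingerprint, $2 = output file
export_public() {
    gpg --export --armor "$1" > "$2"
}

# Step 4: read "gpg --list-packets" output on stdin and succeed only if every
# signature packet carries a SHA-2 "digest algo" (8, 9 or 10). Assumed line
# format from GnuPG 2.x: "<tab>digest algo 8, begin of digest ab cd".
signatures_are_sha2() {
    seen=0; bad=0
    while IFS= read -r line; do
        case "$line" in
            *"digest algo "*)
                seen=1
                algo=$(printf '%s\n' "$line" | sed -n 's/.*digest algo \([0-9][0-9]*\).*/\1/p')
                case "$algo" in
                    8|9|10) ;;
                    *) bad=1; echo "signature uses $(hash_name "$algo")" >&2 ;;
                esac ;;
        esac
    done
    if [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]; then return 0; fi
    return 1
}

# Step 5: export the secret key owner-readable only; the passphrase is passed on a
# file descriptor rather than the command line so it does not appear in "ps".
export_secret() {   # $1 = fingerprint, $2 = output file
    ( umask 077
      printf '%s\n' "$PASSPHRASE" | gpg --batch --pinentry-mode loopback \
          --passphrase-fd 0 --export-secret-keys --armor "$1" > "$2" )
}

main() {
    : "${PASSPHRASE:?set PASSPHRASE in the environment before running}"
    configure_sha256
    fpr=$(generate_key)
    export_public "$fpr" my_public_key.asc
    gpg --list-packets my_public_key.asc | signatures_are_sha2 ||
        { echo "self-signature is not SHA-2; check gpg.conf" >&2; exit 1; }
    export_secret "$fpr" my_private_key.asc
    echo "key $fpr written to my_public_key.asc and my_private_key.asc"
}

# Constructed "gpg --list-packets" samples (not real key material) for testing the check.
SAMPLE_SHA256_PACKETS=':public key packet:
	version 4, algo 1, created 1505808000, expires 0
:user ID packet: "Anvesh2 (anvesh3) <a@b.com>"
:signature packet: algo 1, keyid 9B69D7C27F359C9D
	version 4, created 1505808000, md5len 0, sigclass 0x13
	digest algo 8, begin of digest 12 34
	hashed subpkt 21 len 5 (pref-hash-algos: 8 9 10 11 2)'
SAMPLE_SHA1_PACKETS=':signature packet: algo 1, keyid 9B69D7C27F359C9D
	version 4, created 1505808000, md5len 0, sigclass 0x13
	digest algo 2, begin of digest ab cd'

# Run the real procedure only when invoked with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as "PASSPHRASE='...' sh make_sha2_key.sh --run"; "my_public_key.asc" goes to the partner and "my_private_key.asc" is the file to import into B2Bi. The digest check fails closed: a key whose self-signature was still made with SHA1 (for example because gpg.conf was edited after the key was generated) is reported and nothing is exported.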