Author: Daniel Abrecht
Date:
To: devuan-dev
Subject: Re: [devuan-dev] bug#891: devuan-keyring: New signing key needed?
Hi

I didn't have to deal with anything like this before, but given the
error message:

On 2025-05-26 17:15, Martin wrote:
>    Signing key on 72E3CB773315DFA2E464743D94532124541922FB is not 
> bound:
>               No binding signature at time 2025-05-25T14:45:30Z
>      because: Policy rejected non-revocation signature
> (PositiveCertification) requiring second pre-image resistance
>      because: SHA1 is not considered secure since 2026-02-01T00:00:00Z


I wonder if a new key is even necessary?
My thinking is, a private key signs a message, and a public key verifies
a signed message.
The signature indicates the key which needs to be used using its hash.
I don't know what data exactly is being hashed, but I assume the hash is
based on data from, and can be generated from the public key.
This would mean a different hash could be derived with a different hash
algorithm from an existing key, which would mean there should be a way
to simply tell GPG to use a different hash algorithm for the key when
signing the file.

A quick google search for "gpg clear-sign digest algorithm" leads me
here:
https://superuser.com/questions/1207408/what-determines-the-clearsign-hash-algorithm-used-by-gnupg
https://www.gnupg.org/documentation/manuals/gnupg/OpenPGP-Options.html#index-personal_002ddigest_002dpreferences

So maybe the "--personal-digest-preferences" could help? Or the
"--digest-algo" option mentioned in that other post?

Regards,
Daniel Abrecht
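Added example, not part of the message above or of the devuan-keyring project. The quoted error complains about the hash algorithm of the key's binding (self-certification) signature; in OpenPGP (RFC 4880 §5.2.3) that algorithm is a field of each signature packet, separate from the fingerprint of the key. The script below parses v4 signature packets from a packet stream, reports the signature type and hash algorithm of each, and applies a simplified policy modelled on the error text: SHA1 or MD5 on a non-revocation signature is flagged, revocations are tolerated. The policy table, the helper `build_sig_packet` and the three constructed packets in `SAMPLE_KEYRING` are assumptions for illustration; the packets carry no real signature MPIs and only exercise the parser.

```python
"""Audit the hash algorithm recorded in OpenPGP v4 signature packets (RFC 4880)."""
import struct
from datetime import datetime, timezone

HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
SIG_TYPES = {0x00: "Binary", 0x10: "GenericCertification", 0x11: "PersonaCertification",
             0x12: "CasualCertification", 0x13: "PositiveCertification",
             0x18: "SubkeyBinding", 0x20: "KeyRevocation", 0x28: "SubkeyRevocation",
             0x30: "CertificationRevocation"}
REVOCATION_TYPES = {0x20, 0x28, 0x30}
# Assumed policy, modelled loosely on the rejection quoted in the thread: MD5 and SHA1
# are not accepted on non-revocation signatures. Not Sequoia's or GnuPG's real table.
WEAK_FOR_NON_REVOCATION = {1, 2}


def read_packet_header(buf, pos):
    """Return (tag, body_start, body_len) for an old- or new-format packet header."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:  # new-format header
        tag, b = first & 0x3F, buf[pos + 1]
        if b < 192:
            return tag, pos + 2, b
        if b < 224:
            return tag, pos + 3, ((b - 192) << 8) + buf[pos + 2] + 192
        if b == 255:
            return tag, pos + 6, struct.unpack(">I", buf[pos + 2:pos + 6])[0]
        raise ValueError("partial body lengths not supported here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03  # old-format header
    if ltype == 0:
        return tag, pos + 2, buf[pos + 1]
    if ltype == 1:
        return tag, pos + 3, struct.unpack(">H", buf[pos + 1:pos + 3])[0]
    if ltype == 2:
        return tag, pos + 5, struct.unpack(">I", buf[pos + 1:pos + 5])[0]
    raise ValueError("indeterminate length not supported here")


def parse_subpackets(area):
    """Yield (subpacket_type, body) from a signature subpacket area."""
    pos = 0
    while pos < len(area):
        b = area[pos]
        if b < 192:
            length, pos = b, pos + 1
        elif b < 255:
            length, pos = ((b - 192) << 8) + area[pos + 1] + 192, pos + 2
        else:
            length, pos = struct.unpack(">I", area[pos + 1:pos + 5])[0], pos + 5
        yield area[pos] & 0x7F, area[pos + 1:pos + length]  # length covers the type octet
        pos += length


def parse_signatures(buf):
    """Describe every v4 signature packet (tag 2) in an OpenPGP packet stream."""
    sigs, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_packet_header(buf, pos)
        body, pos = buf[start:start + length], start + length
        if tag != 2 or body[0] != 4:
            continue  # only v4 signature packets are handled
        hashed_len = struct.unpack(">H", body[4:6])[0]
        created = None
        for sp_type, sp_body in parse_subpackets(body[6:6 + hashed_len]):
            if sp_type == 2:  # signature creation time
                created = datetime.fromtimestamp(struct.unpack(">I", sp_body)[0], tz=timezone.utc)
        sigs.append({"type": SIG_TYPES.get(body[1], hex(body[1])), "type_id": body[1],
                     "pk_algo": body[2], "hash_algo": HASH_ALGOS.get(body[3], str(body[3])),
                     "hash_id": body[3], "created": created})
    return sigs


def policy_verdict(sig):
    """None if the signature passes the assumed policy, else a reason string."""
    if sig["type_id"] in REVOCATION_TYPES or sig["hash_id"] not in WEAK_FOR_NON_REVOCATION:
        return None
    return (f"Policy rejected non-revocation signature ({sig['type']}) "
            f"requiring second pre-image resistance: {sig['hash_algo']} is not accepted")


def build_sig_packet(sig_type, hash_algo, created):
    """Construct a minimal v4 signature packet (dummy MPI, constructed test data only)."""
    creation = bytes([5, 2]) + struct.pack(">I", int(created.timestamp()))  # subpacket type 2
    body = bytes([4, sig_type, 1, hash_algo]) + struct.pack(">H", len(creation)) + creation
    body += struct.pack(">H", 0) + b"\x00\x00" + struct.pack(">H", 1) + b"\x01"  # left16, MPI
    return bytes([0xC0 | 2, len(body)]) + body


SAMPLE_TIME = datetime(2025, 5, 25, 14, 45, 30, tzinfo=timezone.utc)  # time from the error
SAMPLE_KEYRING = (build_sig_packet(0x13, 2, SAMPLE_TIME)     # self-cert with SHA1: flagged
                  + build_sig_packet(0x13, 8, SAMPLE_TIME)   # self-cert with SHA256: accepted
                  + build_sig_packet(0x20, 2, SAMPLE_TIME))  # revocation with SHA1: tolerated


def audit(buf=SAMPLE_KEYRING):
    """Return (signature type, hash algorithm, verdict-or-None) per signature packet."""
    return [(s["type"], s["hash_algo"], policy_verdict(s)) for s in parse_signatures(buf)]


if __name__ == "__main__":
    for sig_type, hash_algo, verdict in audit():
        print(f"{sig_type:24} {hash_algo:7} {'OK' if verdict is None else verdict}")
```

To run the same check against a real certificate, export it with `gpg --export <keyid>` and pass the bytes to `audit`; the hash algorithm reported for the `PositiveCertification` packets is the one a verifier's policy judges, and a keyring maintainer can use this to spot which self-signatures would need to be re-issued with a stronger digest.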