I recently created a new OpenPGP key for my Apache (ASF) account. Of course I wanted to sign it with my existing GnuPG key I have since 2007. To my surprise, it failed with these error messages:
gpg: Note: third-party key signatures using the SHA1 algorithm are rejected gpg: signing failed: Invalid digest algorithm gpg: signing failed: Invalid digest algorithm
It took me a few hours to figure out what’s wrong. Obviously something with SHA1, but GnuPG doesn’t tell you WHAT is wrong and HOW to fix it.