RPM file format changes to support SHA-256

Using SHA-256 for verifying payload files
has a new name,. A new tag,, specifies the algorithm used for payload file digests, as a number, using the OpenPGP (RFC4880) hash algorithm numbering; if this tag is not present, the default digest algorithm is MD5.

is a list of strings, each string containing a hash of the type specified by, the same as the original   except for the algorithm used and the size of each hash.

When building RPMs, the digest algorithm can be specified using the  and   macros.
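The following is an added example, not code from rpm or from this page, showing how a consumer of the header would use the two tags described above: the digest-algorithm tag is an OpenPGP (RFC 4880, section 9.4) number, an absent tag means MD5, and each string in the digest list is the hex digest of one payload file. The function names, the use of an empty string for "no digest recorded for this entry", and the sample file contents are assumptions made for the example.

```python
import hashlib

# OpenPGP (RFC 4880, section 9.4) hash algorithm identifiers; this is the
# numbering the file-digest-algorithm tag uses. Only algorithms hashlib
# can compute are listed.
OPENPGP_HASH_ALGOS = {
    1: "md5",
    2: "sha1",
    8: "sha256",
    9: "sha384",
    10: "sha512",
    11: "sha224",
}


def digest_algo_name(tag_value):
    """Map the file-digest-algorithm tag value to a hashlib name.

    None stands for "tag not present in the header": such packages predate
    the change and their file digests are MD5."""
    if tag_value is None:
        return "md5"
    try:
        return OPENPGP_HASH_ALGOS[tag_value]
    except KeyError:
        raise ValueError("unsupported OpenPGP hash algorithm id %d" % tag_value)


def make_digest_list(contents, algo_tag=None):
    """Produce the file-digest list a builder would store: one lowercase hex
    digest per payload file, using the algorithm the tag names."""
    name = digest_algo_name(algo_tag)
    return [hashlib.new(name, data).hexdigest() for data in contents]


def verify_file_digests(contents, digests, algo_tag=None):
    """Recompute each payload file's digest and compare it to the header.

    contents: list of bytes objects, the payload files in header order
    digests:  list of hex strings from the file-digest list tag; an empty
              string means no digest was recorded for that entry (an
              assumption for this example, not something the page states)
    Returns a list of (index, ok) tuples, one per file."""
    name = digest_algo_name(algo_tag)
    expected_len = hashlib.new(name).digest_size * 2
    results = []
    for i, (data, hexdigest) in enumerate(zip(contents, digests)):
        if hexdigest == "":
            results.append((i, True))  # nothing recorded, nothing to check
            continue
        if len(hexdigest) != expected_len:
            # The digest list and the algorithm tag disagree (e.g. 32 hex
            # chars of MD5 under a tag that says SHA-256): treat as failure
            # rather than silently trying other algorithms.
            results.append((i, False))
            continue
        actual = hashlib.new(name, data).hexdigest()
        results.append((i, actual == hexdigest))
    return results


# Constructed sample payload: two small files, not from any real package.
SAMPLE_FILES = [b"#!/bin/sh\necho hello\n", b""]

if __name__ == "__main__":
    sha256_list = make_digest_list(SAMPLE_FILES, 8)
    print("SHA-256 digests:", sha256_list)
    print("verify ok:", verify_file_digests(SAMPLE_FILES, sha256_list, 8))
    tampered = [b"#!/bin/sh\nrm -rf /\n", b""]
    print("tampered:", verify_file_digests(tampered, sha256_list, 8))
    # Same digests, but a header that claims MD5: lengths do not match.
    print("wrong algo tag:", verify_file_digests(SAMPLE_FILES, sha256_list, 1))
```

The length check matters in practice: a verifier that guesses the algorithm from the digest length instead of trusting the tag would accept a header whose tag and digests were swapped in together, so the tag is treated as authoritative and any mismatch is a failure.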

Using SHA-256 in signatures
Instead of DSA/SHA1 signatures, RSA/SHA256 signatures are used. RPM stores RSA signatures in the old  and   tags instead of the   and   tags used for DSA. ("PGP" really means "uses RSA"; the signature is still created using gpg, and  is still  .)

In either case, the signature is a plain "detached signature" OpenPGP (RFC 4880) packet.

rpm currently cannot handle "version 4" signatures using RSA, and gnupg > 1.4.7 defaults to "version 4" signatures, so

must be used when signing packages on Fedora >= 9.

If the signer's gnupg configuration is not set to use SHA-256 by default,

needs to be added to the above macro.
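Because rpm can only handle RSA signatures in "version 3" packets, and the hash algorithm depends on the signer's gnupg configuration, it is useful to inspect a signature packet before adding it to a package. The following is an added example, not code from rpm, gnupg or this page: it parses the fixed part of an OpenPGP (RFC 4880) signature packet, reports version, public-key algorithm and hash algorithm, and applies the three constraints this page states (RSA, version 3, SHA-256). The sample packets are constructed by the `build_sig_packet` helper and carry a dummy MPI instead of a real signature; the helper and function names are assumptions for the example.

```python
import struct

SIG_PACKET_TAG = 2      # signature packet (RFC 4880, section 4.3)
PUBKEY_RSA = 1          # RSA (Encrypt or Sign), section 9.1
PUBKEY_RSA_SIGN = 3     # RSA Sign-Only
PUBKEY_DSA = 17
HASH_SHA1 = 2           # section 9.4
HASH_SHA256 = 8


def _read_packet_header(buf):
    """Return (tag, body_offset, body_length) for the packet at buf[0].
    Old-format headers with one-, two- and four-octet lengths and new-format
    headers with one-, two- and five-octet lengths are handled; partial body
    lengths are rejected, a detached signature never needs them."""
    ctb = buf[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                      # new-format header
        tag, first = ctb & 0x3F, buf[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + buf[2] + 192
        if first == 255:
            return tag, 6, struct.unpack(">I", buf[2:6])[0]
        raise ValueError("partial body length not supported")
    tag, lentype = (ctb >> 2) & 0x0F, ctb & 0x03   # old-format header
    if lentype == 0:
        return tag, 2, buf[1]
    if lentype == 1:
        return tag, 3, struct.unpack(">H", buf[1:3])[0]
    if lentype == 2:
        return tag, 5, struct.unpack(">I", buf[1:5])[0]
    raise ValueError("indeterminate length not supported")


def parse_signature(buf):
    """Parse the fixed fields of a v3 or v4 signature packet (section 5.2)."""
    tag, off, length = _read_packet_header(buf)
    if tag != SIG_PACKET_TAG:
        raise ValueError("expected signature packet (tag 2), got tag %d" % tag)
    body = buf[off:off + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    version = body[0]
    if version == 3:
        # v3: version, hashed-material length (always 5), signature type,
        # 4-octet creation time, 8-octet key id, pubkey algo, hash algo, ...
        if body[1] != 5:
            raise ValueError("bad v3 hashed-material length %d" % body[1])
        return dict(version=3, sigtype=body[2],
                    created=struct.unpack(">I", body[3:7])[0],
                    key_id=body[7:15].hex(),
                    pubkey_algo=body[15], hash_algo=body[16])
    if version == 4:
        # v4: version, signature type, pubkey algo, hash algo, then the
        # hashed and unhashed subpacket areas (the key id lives in one of them)
        return dict(version=4, sigtype=body[1],
                    pubkey_algo=body[2], hash_algo=body[3])
    raise ValueError("unknown signature version %d" % version)


def rpm_compatible(sig):
    """Check the constraints this page gives: RSA, version 3, SHA-256.
    Returns (ok, reason)."""
    if sig["pubkey_algo"] not in (PUBKEY_RSA, PUBKEY_RSA_SIGN):
        return False, "not an RSA signature (pubkey algo %d)" % sig["pubkey_algo"]
    if sig["version"] != 3:
        return False, "version %d packet; rpm needs a version 3 RSA signature" % sig["version"]
    if sig["hash_algo"] != HASH_SHA256:
        return False, "hash algo %d is not SHA-256 (8); check the signer's digest setting" % sig["hash_algo"]
    return True, "version 3 RSA/SHA-256 signature"


def build_sig_packet(version, pubkey_algo, hash_algo, new_format=False):
    """Constructed test data: a structurally valid signature packet with a
    dummy 1-octet MPI. It is not a real signature and verifies against nothing."""
    dummy_mpi = struct.pack(">H", 8) + b"\x5a"
    hash_prefix = b"\xaa\xbb"                       # left 16 bits of the hash
    if version == 3:
        body = (bytes([3, 5, 0x00]) + struct.pack(">I", 1210000000)
                + bytes.fromhex("0123456789abcdef")
                + bytes([pubkey_algo, hash_algo]) + hash_prefix + dummy_mpi)
    else:
        body = (bytes([4, 0x00, pubkey_algo, hash_algo])
                + struct.pack(">HH", 0, 0) + hash_prefix + dummy_mpi)
    ctb = (0xC0 | SIG_PACKET_TAG) if new_format else (0x80 | (SIG_PACKET_TAG << 2))
    return bytes([ctb, len(body)]) + body          # one-octet length, body < 192


if __name__ == "__main__":
    for pkt in (build_sig_packet(3, PUBKEY_RSA, HASH_SHA256),
                build_sig_packet(4, PUBKEY_RSA, HASH_SHA256, new_format=True),
                build_sig_packet(3, PUBKEY_RSA, HASH_SHA1),
                build_sig_packet(3, PUBKEY_DSA, HASH_SHA1)):
        print(rpm_compatible(parse_signature(pkt)))
```

Run against a real detached signature (the output of gpg with the macro from this page), the first failing check tells you which part of the signing setup is wrong: a version 4 packet means the version option was not applied, a hash algorithm of 2 means the signer's gnupg still defaults to SHA-1.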