Move away from SHA-1 key fingerprints

[martinpitt]

tang-show-keys currently uses SHA-1 to compute key fingerprints. SHA-1 is too broken these days and will be removed from e.g. RHEL 9 soon (see https://bugzilla.redhat.com/show_bug.cgi?id=1934937). Would it be possible to move to SHA2 for the key fingerprints?

[sergio-correia]

Yeah, it would be possible (and desirable) to do so. We need to update clevis first, though, so that it works with the new fingerprint hash and keeps working also with the legacy one.

There is this [1] clevis PR where there was some initial attempt in this direction. I should update it in the next days with a slightly different approach.

[1] latchset/clevis#264

[sergio-correia]

I opened #65 to address this.

[sergio-correia]

#65 has been merged, so I am closing this.