From 9b485bece37dad4afa71b4767901815343a70404 Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <hans@eds.org>
Date: Thu, 21 Nov 2013 21:32:44 -0500
Subject: [PATCH] switch repo key fingerprint to SHA-256 since SHA-1 is
 considered deprecated

* a number of sources have said to avoid SHA-1 in new implementations
* nothing currently depends on the SHA-1 fingerprint in the code, it is
  only used to display on the repo list.
* Java 7 requires SHA-256 to be included
* keytool -list -v shows the SHA-256 fingerprint
---
 src/org/fdroid/fdroid/ManageRepo.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/org/fdroid/fdroid/ManageRepo.java b/src/org/fdroid/fdroid/ManageRepo.java
index 46c45d421..8b91e440d 100644
--- a/src/org/fdroid/fdroid/ManageRepo.java
+++ b/src/org/fdroid/fdroid/ManageRepo.java
@@ -233,7 +233,8 @@ public class ManageRepo extends ListActivity {
     protected String getRepoFingerprint(Repo repo) {
         String ret = null;
         try {
-            MessageDigest digest = MessageDigest.getInstance("SHA-1");
+            // keytool -list -v gives you the SHA-256 fingerprint
+            MessageDigest digest = MessageDigest.getInstance("SHA-256");
             digest.update(Hasher.unhex(repo.pubkey));
             byte[] fingerprint = digest.digest();
             Formatter formatter = new Formatter(new StringBuilder());