diff --git a/lib/diaspora/encryptable.rb b/lib/diaspora/encryptable.rb
index 75bcca4e2..734df8461 100644
--- a/lib/diaspora/encryptable.rb
+++ b/lib/diaspora/encryptable.rb
@@ -1,5 +1,7 @@
 module Diaspora
 module Encryptable
+
+ LAST_FALLBACK_TIME = "Sept 15 2011 17:00 UTC "
 # Check that signature is a correct signature of #signable_string by person
 #
 # @param [String] signature The signature to be verified.
@@ -17,7 +19,11 @@ module Diaspora
 return false
 end
 log_string = "event=verify_signature status=complete guid=#{self.guid}"
- validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
+ validity = person.public_key.verify OpenSSL::Digest::SHA256.new, Base64.decode64(signature), signable_string
+ if !validity && Time.now < Time.parse(LAST_FALLBACK_TIME)
+ validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
+ end
+ #validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
 log_string += " validity=#{validity}"
 Rails.logger.info(log_string)
 validity
@@ -26,7 +32,7 @@ module Diaspora
 # @param [OpenSSL::PKey::RSA] key An RSA key
 # @return [String] A Base64 encoded signature of #signable_string with key
 def sign_with_key(key)
- sig = Base64.encode64s(key.sign "SHA", signable_string)
+ sig = Base64.encode64s(key.sign( OpenSSL::Digest::SHA256.new, signable_string ))
 log_hash = {:event => :sign_with_key, :status => :complete}
 log_hash.merge(:model_id => self.id) if self.respond_to?(:persisted?)
 Rails.logger.info(log_hash)
diff --git a/spec/lib/diaspora/encryptable_spec.rb b/spec/lib/diaspora/encryptable_spec.rb
new file mode 100644
index 000000000..9906ad870
--- /dev/null
+++ b/spec/lib/diaspora/encryptable_spec.rb
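Review bot: `LAST_FALLBACK_TIME` in the first hunk has no comment saying what it gates, although it is the only switch that stops this module from accepting legacy-digest signatures. Add a comment above it such as `# Cutoff after which verify_signature no longer accepts legacy "SHA" signatures; delete the fallback once this date has passed`. The value is a free-form string with a trailing space and a `Sept` abbreviation, so it relies on `Time.parse` being lenient; an ISO 8601 literal would make the cutoff unambiguous.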
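Review bot: When the SHA256 check fails and the legacy `"SHA"` check passes in the second hunk, the log line records only `validity=true`, so nothing shows that a signature was accepted through the weaker path. Tag that case inside the `if`, for example `log_string += " digest=legacy_sha" if validity`, so operators can see how much legacy traffic remains and audit what was accepted during the window. The window is judged against the verifying host's own `Time.now`, so a host with a skewed clock keeps the fallback open past the intended cutoff. The commented-out `#validity = ...` line left after `end` is dead code and should be dropped. The enclosing method starts before this hunk.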
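Review bot: The `@return` comment above `sign_with_key` in the third hunk still describes only a Base64 encoded signature, but the digest is now something peers must agree on, so name it: `# @return [String] A Base64 encoded RSA-SHA256 signature of #signable_string with key`. Signing switches digest with no transition window, unlike verification, so peers that still verify with `"SHA"` will presumably reject these signatures until they upgrade; worth confirming that is intended. The unchanged context line `log_hash.merge(:model_id => self.id)` discards its result, so the model id never reaches the log entry; `merge!` would record it. The method's `end` is outside the hunk.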
@@ -0,0 +1,38 @@
+# Copyright (c) 2010, Diaspora Inc. This file is
+# licensed under the Affero General Public License version 3 or later. See
+# the COPYRIGHT file.
+
+require 'spec_helper'
+
+describe Diaspora::Encryptable do
+ before do
+ @comment = Factory(:comment, :author => bob.person)
+ end
+ describe '#sign_with_key' do
+ it 'signs the object with RSA256 signature' do
+ sig = @comment.sign_with_key bob.encryption_key
+ bob.public_key.verify(OpenSSL::Digest::SHA256.new, Base64.decode64(sig), @comment.signable_string).should be_true
+ end
+ end
+
+ describe '#verify_signature' do
+ it 'verifies SHA256 signatures' do
+ sig = @comment.sign_with_key bob.encryption_key
+ @comment.verify_signature(sig, bob.person).should be_true
+ end
+
+ context "fallback" do
+ it "checks the SHA if it's within the week of the rollout window" do
+ sig = Base64.encode64s(bob.encryption_key.sign( "SHA", @comment.signable_string ))
+ @comment.verify_signature(sig, bob.person).should be_true
+ end
+
+ it 'does not verify the fallback after rollout window' do
+ Kernel::silence_warnings { Diaspora::Encryptable.const_set(:LAST_FALLBACK_TIME,((Time.now - 1.week).to_s))}
+
+ sig = Base64.encode64s(bob.encryption_key.sign( "SHA", @comment.signable_string ))
+ @comment.verify_signature(sig, bob.person).should be_false
+ end
+ end
+ end
+end
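Review bot: The example `checks the SHA if it's within the week of the rollout window` depends on the real clock and the shipped constant, so it will fail permanently once the date in `LAST_FALLBACK_TIME` has passed. The following example overwrites that constant with `const_set` and never restores it, so any spec that runs afterwards in the same process sees the fallback disabled, and the first example fails if it runs second. Pin the constant explicitly in each example and restore the original in an `after` block, so the accept and reject paths of the legacy-digest fallback are both tested deterministically.

```ruby
context "fallback" do
  before do
    @original_fallback_time = Diaspora::Encryptable::LAST_FALLBACK_TIME
  end

  after do
    Kernel::silence_warnings { Diaspora::Encryptable.const_set(:LAST_FALLBACK_TIME, @original_fallback_time) }
  end

  it "checks the SHA if it's within the week of the rollout window" do
    Kernel::silence_warnings { Diaspora::Encryptable.const_set(:LAST_FALLBACK_TIME, (Time.now + 1.week).to_s) }
    # … unchanged: sign with "SHA" and expect verify_signature to be true …
  end
  # … unchanged: 'does not verify the fallback after rollout window' …
end
```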