diff --git a/pmb/chroot/apk_static.py b/pmb/chroot/apk_static.py
index 00f9cc37b470a38535e416ed58671ce1f25a79f9..7cbc4e9fdd713da60c3e49226d7763a7cead98ae 100644
--- a/pmb/chroot/apk_static.py
+++ b/pmb/chroot/apk_static.py
@@ -25,7 +25,7 @@ def read_signature_info(tar):
     :returns: (sigfilename, sigkey_path)
     """
     # Get signature filename and key
-    prefix = "sbin/apk.static.SIGN.RSA."
+    prefix = "sbin/apk.static.SIGN.RSA.sha256."
     sigfilename = None
     for filename in tar.getnames():
         if filename.startswith(prefix):
@@ -85,7 +85,7 @@ def verify_signature(args, files, sigkey_path):
     """
     logging.debug(f"Verify apk.static signature with {sigkey_path}")
     try:
-        pmb.helpers.run.user(args, ["openssl", "dgst", "-sha1", "-verify",
+        pmb.helpers.run.user(args, ["openssl", "dgst", "-sha256", "-verify",
                                     sigkey_path, "-signature", files[
                                         "sig"]["temp_path"],
                                     files["apk"]["temp_path"]])
diff --git a/test/test_apk_static.py b/test/test_apk_static.py
index 84530f4699c3dc054ea0231c08d28081211f5aba..761576decc77660cecce3e6c0b7a7cefbb31a998 100644
--- a/test/test_apk_static.py
+++ b/test/test_apk_static.py
@@ -44,9 +44,9 @@ def test_read_signature_info(args):
     # Signature file with invalid name
     pmb.chroot.user(args, ["mkdir", "-p", tmp_path + "/sbin"])
     pmb.chroot.user(args, ["cp", "/etc/issue", tmp_path +
-                           "/sbin/apk.static.SIGN.RSA.invalid.pub"])
+                           "/sbin/apk.static.SIGN.RSA.sha256.invalid.pub"])
     pmb.chroot.user(args, ["tar", "-czf", tmp_path + "/invalid_sig.apk",
-                           "sbin/apk.static.SIGN.RSA.invalid.pub"],
+                           "sbin/apk.static.SIGN.RSA.sha256.invalid.pub"],
                     working_dir=tmp_path)
     with tarfile.open(tmp_path_outside + "/invalid_sig.apk", "r:gz") as tar:
         with pytest.raises(RuntimeError) as e:
@@ -56,9 +56,9 @@ def test_read_signature_info(args):
     # Signature file with realistic name
     path = glob.glob(pmb.config.apk_keys_path + "/*.pub")[0]
     name = os.path.basename(path)
-    path_archive = "sbin/apk.static.SIGN.RSA." + name
+    path_archive = "sbin/apk.static.SIGN.RSA.sha256." + name
     pmb.chroot.user(args, ["mv",
-                           f"{tmp_path}/sbin/apk.static.SIGN.RSA.invalid.pub",
+                           f"{tmp_path}/sbin/apk.static.SIGN.RSA.sha256.invalid.pub",
                            f"{tmp_path}/{path_archive}"])
     pmb.chroot.user(args, ["tar", "-czf", tmp_path + "/realistic_name_sig.apk",
                            path_archive], working_dir=tmp_path)