Jim Dever wrote:
> David Shaw wrote:
>
>
>> You might be able to manipulate things into verifying the signature by
>> editing the file to change the SHA1 string to SHA256, but the real
>> problem is probably in whatever program generated the message.
>
> Thanks! I thought that might be the problem although I didn't know how
> to determine what hash the message was actually using. What's
> ridiculous is that the message was produced by the PGP Global Directory
> keyserver. The message is PGP/MIME in HTML format and I don't even see
> a HASH string in the message source at all.
The hash string should be in the message header, something like
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature";
I'm pretty sure that something is defined -- Enigmail will not try to
verify the message if no hash algorithm is provided.
-Patrick
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
