On Mon, Nov 06, 2006 at 11:19:18AM +0100, Patrick Brunschwig wrote: > Jim Dever wrote: > > David Shaw wrote: > > > > > >> You might be able to manipulate things into verifying the signature by > >> editing the file to change the SHA1 string to SHA256, but the real > >> problem is probably in whatever program generated the message. > > > > Thanks! I thought that might be the problem although I didn't know how > > to determine what hash the message was actually using. What's > > ridiculous is that the message was produced by the PGP Global Directory > > keyserver. The message is PGP/MIME in HTML format and I don't even see > > a HASH string in the message source at all. > > The hash string should be in the message header, something like > Content-Type: multipart/signed; micalg=pgp-sha1; > protocol="application/pgp-signature"; > > I'm pretty sure that something is defined -- Enigmail will not try to > verify the message if no hash algorithm is provided.
Ah, I recall this problem. I reported it to the PGP GD people quite a while ago, and I thought it had been fixed. The GD was generating a PGP/MIME micalg setting of pgp-sha1, but the actual signature was being made with SHA256. David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
