On Mon, Nov 19, 2007 at 07:18:06PM -0600, Robert J. Hansen wrote: > Robert D. wrote: > > I was just looking at the Apple's Console log and saw these. I was > > wondering what caused them and what I could set to "not" cause them > > These errors occur when the digest algorithm the message claims it's > using isn't the same as the one it's actually using; or if it uses an > algorithm other than one which must be used. E.g., you could (pre-DSA2 > support in GnuPG) get this error message if you attempted to process a > message that had a DSA signature using SHA256 as opposed to SHA-1 or > RIPEMD160.
That's not completely true. The first part is true: the error is from a message that claims to use one hash, but actually uses a different one. The error does not mean that the wrong algorithm was used for DSA. > Looking at key 0xBA279E56, it appears to be a DSA-1024 signing key. How > much do you want to bet they're using DSA2 and you don't have > enable-dsa2 in your gpg.conf? DSA2 in GPG doesn't work that way. --enable-dsa2 only controls whether you are able to issue a DSA2 signature. It does not have any impact on whether you are able to verify someone elses DSA2 signature. I've seen this error before - the cause back then was a PGP/MIME signed message where the micalg field in the email header was set to one hash, and the actual signed data was different. David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
