Hello, I have created signatures with different keys for a JPEG file. You can find both the graphics file and the signatures on this web page:
http://www.hauke-laging.de/organspende.html

If I check the signatures, gpg2 2.0.15 (and at least .14, too) returns the wrong hash (unless I misunderstand something):

start cmd:> LC_ALL=C gpg --verify --verbose organspende.7f637e7b.1.sig organspende.jpg
Version: GnuPG v2.0.14 (GNU/Linux)
gpg: armor header:
gpg: Signature made Fri May 7 03:48:42 2010 CEST
gpg: using RSA key 0x7F637E7B
gpg: using PGP trust model
gpg: Good signature from "Hauke Laging (Dieser Schlüssel ist wirklich sicher) <[email protected]>"
gpg: Signature policy: http://www.hauke-laging.de/openpgp/policy.html
gpg: binary signature, digest algorithm SHA1

It says SHA1 though according to my understanding

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iQFMBAABAgA2BQJL43F6LxpodHRwOi8vd3d3LmhhdWtlLWxhZ2luZy5kZS9vcGVu
cGdwL3BvbGljeS5odG1sAAoJEDlYRfZ/Y35735kIAIP2LgRqxhySQ0kaOSnFZfWs
YgvqeYYGHUeLIQzfGCbxD2VE0CzSQPNN3GabpsXF2DQ5xUh25n+9pu34gPAMvD6v
QKM8B31vkSj/KEuCZUXMOBiEDVBQn6ypR9ZmOSo991Lm84fIaOhx8rQ0d1kWxWuH
CRHemF49FSCxF/5CMcx+HMWjN6lKhQFK3z61In23Xjmf+dRFYxbPkInqu4tw6q4b
OODVVsK8FhCWz2aUNBSgWzwhmwwCD1R4/IblMejrStsbT0tFNzVbg3KKIQ7bHUD5
k++hjk0K332ZXnR4X9jZku7FPpgAtp44/k0Op+yGZqW6RW6zu5s5fFPnkijef6U=
=eaxc
-----END PGP SIGNATURE-----

is obviously not an SHA1 signature.

The check delivers the correct result for the signature of the other key (which I created immediately before on the same system):

start cmd:> LC_ALL=C gpg --verify --verbose organspende.eccb5814.2.sig organspende.jpg
Version: GnuPG v2.0.14 (GNU/Linux)
gpg: armor header:
gpg: Signature made Fri May 7 03:49:11 2010 CEST
gpg: using RSA key 0x3A403251
gpg: using subkey 0x3A403251 instead of primary key 0xECCB5814
gpg: using PGP trust model
gpg: Good signature from "Hauke Laging <[email protected]>"
gpg: aka "Hauke Laging <[email protected]>"
gpg: aka "Hauke Laging <[email protected]>"
gpg: Signature policy: http://www.hauke-laging.de/openpgp/policy.html
gpg: binary signature, digest algorithm SHA512

There are two differences between the keys:

ECCB5814 has a DSA primary key and an RSA subkey for signing. This key is stored in my normal keyring.

7F637E7B is on a smartcard. Due to some configuration error during key creation the primary key is for signing, too:

start cmd:> LC_ALL=C gpg --edit-key 7F637E7B
[...]
pub 2048R/0x7F637E7B created: 2010-03-04 expires: 2015-03-03 usage: SC

Up to now I don't think that any real problems arise from this. It seems to be a "cosmetic" problem. Is this a bug or have I made any mistake?

CU

Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
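
One way to read the digest algorithm straight from the signature packet instead of from gpg's verbose output, as an added example that is not part of the original post: it decodes the first armored line of the 7F637E7B signature quoted above and parses the OpenPGP packet header and the v4 signature fields as laid out in RFC 4880. The function names are hypothetical, and because only the first armor line is used, subpackets after the creation time are cut off and skipped.

```python
import base64

# First line of the armored signature quoted in the post above. Its 48 bytes
# cover the packet header and the fixed v4 signature fields.
ARMOR_FIRST_LINE = "iQFMBAABAgA2BQJL43F6LxpodHRwOi8vd3d3LmhhdWtlLWxhZ2luZy5kZS9vcGVu"

# Algorithm IDs from RFC 4880, sections 9.1 and 9.4
PUBKEY_ALGOS = {1: "RSA", 2: "RSA-E", 3: "RSA-S", 16: "ELGAMAL", 17: "DSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}


def packet_body(data):
    """Return (tag, body) of the first OpenPGP packet; body may be truncated."""
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                                  # new-format header
        tag, l0 = first & 0x3F, data[1]
        if l0 < 192:
            return tag, data[2:2 + l0]
        if l0 < 224:
            return tag, data[3:3 + ((l0 - 192) << 8) + data[2] + 192]
        if l0 == 255:
            return tag, data[6:6 + int.from_bytes(data[2:6], "big")]
        raise ValueError("partial body lengths are not handled")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:                                    # indeterminate length
        return tag, data[1:]
    n = 1 << ltype                                    # 1, 2 or 4 length octets
    return tag, data[1 + n:1 + n + int.from_bytes(data[1:1 + n], "big")]


def signature_header(data):
    """Decode the fixed fields and creation time of a v4 signature packet."""
    tag, body = packet_body(data)
    if tag != 2 or len(body) < 6 or body[0] != 4:
        raise ValueError("not a v4 signature packet")
    info = {"sig_type": body[1], "created": None,
            "pubkey_algo": PUBKEY_ALGOS.get(body[2], body[2]),
            "hash_algo": HASH_ALGOS.get(body[3], body[3])}
    area = body[6:6 + int.from_bytes(body[4:6], "big")]   # hashed subpackets
    i = 0
    while i < len(area) and area[i] < 192:   # one-octet subpacket lengths only
        sub = area[i + 1:i + 1 + area[i]]
        if len(sub) < area[i] or not sub:
            break                            # truncated input, stop here
        if sub[0] & 0x7F == 2 and len(sub) == 5:   # signature creation time
            info["created"] = int.from_bytes(sub[1:5], "big")
        i += 1 + area[i]
    return info
```

Calling `signature_header(base64.b64decode(ARMOR_FIRST_LINE))` returns the signature type, public-key algorithm, hash algorithm and creation timestamp recorded in the packet, which can be compared with the `digest algorithm` and `Signature made` lines gpg prints.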
