On Fri, Apr 06, 2001 at 04:55:33PM -0400, Sam Varshavchik wrote:
> On Fri, 6 Apr 2001, Vincent Schonau wrote:
[ pgp-sha1/md5 ]
> > Am I overlooking something that _doesn't_ work? Why is that test there?
> It is my understanding that GnuPG uses SHA1 to calculate signatures. The
> header is for informative purposes only. If the header indicates that
> this message uses MD5, it's not going to even bother trying to verify it.
But mutt with gpg _does_ verify it; and correctly, too. The mutt manual that
came with my copy says
    So if you are using an RSA key for signing, set this variable to
    ``pgp-md5'', if you use a PGP 5 DSS key for signing, say ``pgp-sha1''
    here. The value of this variable will show up in the micalg parameter of
    MIME headers when creating RFC 2015 signatures.
... which means that pgp-md5 would be the correct algorithm for the
signature on this message.
> > My copy of gnupg appears to support MD5, SHA1 and RIPEMD160 as hash
> > algorithms. Wouldn't mimegpg work fine for all those?
> Double check that you really support MD5 signatures.
From `gpg --version`:
Supported algorithms:
Cipher: IDEA, 3DES, CAST5, BLOWFISH, RIJNDAEL, RIJNDAEL192, RIJNDAEL256,
TWOFISH
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA, ELG
Hash: MD5, SHA1, RIPEMD160
Signing a file with
$ gpg --clearsign --digest-algo md5 < infile > md5.out
works, as far as I can tell. gpg doesn't complain. In contrast,
$ gpg --clearsign --digest-algo xxx < infile > xxx.out
I get:
gpg: selected digest algorithm is invalid
Now, (trying to be thorough), when I do
$ gpg -vv < md5.out
part of the output is:
version 3, created 986631853, md5len 5, sigclass 01
digest algo 2, begin of digest ee 6e
When I repeat that exercise with --digest-algo sha1, it reads:
version 3, created 986631838, md5len 5, sigclass 01
digest algo 1, begin of digest 9d 6b
Note the distinct algorithms (so gpg doesn't just use SHA1 without
complaining).
To me, this looks like gpg supports md5, but I'm no expert on encryption or
gpg - and I know nothing about RFC 2015.
Thanks again,
Vince.
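
Added example, not part of the original message and not code from mutt, mimegpg or GnuPG: a Python check that reads the hash algorithm ID from an OpenPGP signature packet and compares it with the micalg parameter declared in the MIME header. The ID-to-name table follows the RFC 4880 numbering; the function names, the sample header and the sample packet (dummy time, key ID, digest prefix and MPI) are constructed for illustration.

```python
import struct
from email.message import Message

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) -> micalg values (RFC 3156).
MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160"}

def sig_hash_algo(packet: bytes) -> int:
    """Return the hash algorithm ID stored in a binary OpenPGP signature packet."""
    ctb = packet[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new-format header: tag in low 6 bits, variable-length length
        tag, first = ctb & 0x3F, packet[1]
        if 224 <= first < 255:
            raise ValueError("partial body lengths not handled")
        hdr = 2 if first < 192 else 3 if first < 224 else 6
    else:  # old-format header: tag in bits 5-2, length type in bits 1-0
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length not handled")
        hdr = 1 + (1, 2, 4)[ltype]
    if tag != 2:
        raise ValueError("not a signature packet")
    body = packet[hdr:]
    if body[0] == 3 and body[1] == 5:
        # v3: version, hashed length (5), sigclass, created (4), key ID (8),
        # public-key algorithm, hash algorithm
        return body[16]
    if body[0] == 4:
        # v4: version, sigclass, public-key algorithm, hash algorithm
        return body[3]
    raise ValueError("unsupported signature version")

def check_micalg(content_type: str, packet: bytes):
    """Compare the declared micalg with the hash the signature really uses."""
    msg = Message()
    msg["Content-Type"] = content_type
    declared = str(msg.get_param("micalg", "")).lower()
    actual = MICALG.get(sig_hash_algo(packet), "unknown")
    return declared, actual, declared == actual

def sample_v3_sig(hash_id: int) -> bytes:
    """Constructed v3 signature packet: dummy time, key ID, digest prefix, MPI."""
    body = (bytes([3, 5, 0x01]) + struct.pack(">I", 986000000) + bytes(8)
            + bytes([1, hash_id]) + b"\x00\x00" + b"\x00\x01\x01")
    return bytes([0x88, len(body)]) + body

CT = 'multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="b"'
print(check_micalg(CT, sample_v3_sig(1)))
```

The packet bytes would come from de-armoring the application/pgp-signature part; a mismatch between the two values means the header cannot be relied on to tell which hash a verifier will actually compute.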