gnupg, news and Signature Verify

Hanno 'Rince' Wagner wagner at
Thu Mar 2 15:38:45 CET 2006


I try to establish a way to sign my NewsPostings and - more
interesting - also to verify the messages posted by other people.
Since I am using new keys, the digest algorithm is SHA1 - which I
also use. But gpg seem to have a problem with the signed message (I
can not see why).

I have put the message on to
verify for everyone. When I do a "gpg --verify --verbose", I get the

$ gpg --verbose --verify newssig.asc
gpg: armor header: Version: GnuPG-v1.4.1
gpg: original file name=''
gpg: Signature made Thu Mar  2 14:44:15 2006 CET using DSA key ID 0B707552
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: general error

pgpdump sais that the digest-algorithm is SHA1 and valid:
$ pgpdump newssig.asc
        Pub alg - DSA Digital Signature Algorithm(pub 17)
	Hash alg - SHA1(hash 2)

Can anyone tell me why gpg sees a digest conflict in that message?

I'd understand if the signature would be bad or wrong, but
apparently it can not check wether the signature is valid.

Ciao, Hanno
|  Hanno Wagner  | Member of the HTML Writers Guild  | Rince at IRC      |
| Eine gewerbliche Nutzung meiner Email-Adressen ist nicht gestattet! |
| 74 a3 53 cc 0b 19 - we did it!          |    Generation @           |
#"Das Faxe ist alle und jetzt sitze ich hier mit T-Shirt und Krawatte..."
#	-- sven at (Sven Hoffmann)  erklärt das Binden
#	   von Krawatten

More information about the Gnupg-users mailing list