Enigmail.js errors seen on Console log

David Shaw dshaw at jabberwocky.com
Tue Nov 20 04:38:14 CET 2007


On Mon, Nov 19, 2007 at 07:18:06PM -0600, Robert J. Hansen wrote:
> Robert D. wrote:
> > I was just looking at the Apple's Console log and saw these. I was
> > wondering what caused them and what I could set to "not" cause them
> 
> These errors occur when the digest algorithm the message claims it's
> using isn't the same as the one it's actually using; or if it uses an
> algorithm other than one which must be used.  E.g., you could (pre-DSA2
> support in GnuPG) get this error message if you attempted to process a
> message that had a DSA signature using SHA256 as opposed to SHA-1 or
> RIPEMD160.

That's not completely true.  The first part is true: the error is from
a message that claims to use one hash, but actually uses a different
one.  The error does not mean that the wrong algorithm was used for
DSA.

> Looking at key 0xBA279E56, it appears to be a DSA-1024 signing key.  How
> much do you want to bet they're using DSA2 and you don't have
> enable-dsa2 in your gpg.conf?

DSA2 in GPG doesn't work that way.  --enable-dsa2 only controls
whether you are able to issue a DSA2 signature.  It does not have any
impact on whether you are able to verify someone elses DSA2 signature.

I've seen this error before - the cause back then was a PGP/MIME
signed message where the micalg field in the email header was set to
one hash, and the actual signed data was different.

David



More information about the Gnupg-users mailing list