your mail
Werner Koch
wk at isil.d.shuttle.de
Sun Nov 15 12:23:09 CET 1998
Michael Sobolev <mss at despair.transas.com> writes:
> Sorry, I did not quite catch. Do you mean that by default gpg uses one hash
> algorithm while signing, and another while verifying? That would be strange...
Yes, in some cases. Remember that GnuPG is able to work as a filter,
so it cannot look at the signature at the end of a cleartext signed
message which has the information which Hash algorithm has been used
for the signature. So if there is no "Hash:" line at he beginning of
a cleartext signature, GnuPG should calulated the hash with all
available algorithms and then later when it sees the hash algorithm
used in the signature use this hash to verify the signature.
Calculating the hashs whith all algorithm takes a little bit longer
but it works without the "Hash:" line. Consider the "Hash:" line as a
hint which hash algorithm should be used.
Okay, I have to check whether this still works - I think I broke it
some time ago.
Werner
More information about the Gnupg-devel
mailing list