Hashes and cleartext sigs

Werner Koch wk at isil.d.shuttle.de
Sun Nov 15 12:35:46 CET 1998

Michael Sobolev <mss at despair.transas.com> writes:

> Sorry, I did not quite catch.  Do you mean that by default gpg uses one hash
> algorithm while signing, and another while verifying?  That would be strange...

A little bit more verbose:

The code in armor.c inserts faked onepass signature packets just
before the regular cleartext (which is also but into a faked
plaintext packet).  Here is the code in mainproc.c which handles this:

    any = 0;
    for(n=c->list; n; n = n->next ) {
        if( n->pkt->pkttype == PKT_ONEPASS_SIG ) {
            if( n->pkt->pkt.onepass_sig->digest_algo ) {
                md_enable( c->mfx.md, n->pkt->pkt.onepass_sig->digest_algo );
                any = 1;
    if( !any ) { /* no onepass sig packet: enable all standard algos */
        md_enable( c->mfx.md, DIGEST_ALGO_RMD160 );
        md_enable( c->mfx.md, DIGEST_ALGO_SHA1 );
        md_enable( c->mfx.md, DIGEST_ALGO_MD5 );

So what it does is to loop over all the onepass signature packets, and
enable all hash algorithm which have been seen in a "Hash:" line and
if there were no hash algorithms in the onepass signature packets (i.e
no known algorithms in "Hash:" line); hashed over rmd160, SHA1 and MD5
are calculated. After hashing the plaintext, it sees the signature
packet with the really used hash algorithm and then this one is used
(and we hope it is one of the 3 defauls or the ones form the
"Hash:" lines.


More information about the Gnupg-devel mailing list