GnuPG can't verify its own clearsign-ature

Kevin.Christian at Kevin.Christian at
Thu Sep 16 18:23:32 CEST 1999

Solaris 2.5, GnuPG 1.0.0 (All checks PASS)

This could potentially be a pilot error, in which case, I'd be most 
grateful if someone can point out the error of my ways. However, in
case it is not there may be a 1.0 bug to fix.

Mailer problems have led me to some experimentation with clear signing and
it seems I can't (properly) clear sign with SHA1, TIGER or RIPEMD160 as 
digest methods. Basically what I'm doing is:

gpg --no-options --load-extension tiger --load-extension idea --load-extension rsa --digest-algo XXX --clearsign -o dummy.pgp msg.txt

where XXX is one of: md5, sha1, ripemd160 or tiger.  Then, I follow with:

gpg --no-options --load-extension tiger --load-extension idea --load-extension rsa --verify dummy.pgp

For each signclear call I supply the right pass phrase and indicate that I 
want dummy.pgp to be overwritten. Since it probably matters, the key used for
signing is RSA.

The surprising (at least to me) result is that the verify only works when
an md5 digest is used while signing. For all other digest methods the
verify step claims I have a bad signature. If I --sign instead of --clearsign
the signature validates just fine. Using --verbose didn't produce additional
clues. Using --debug-all resulted in signal 11 failures.

Feel free to send me any questions/ideas.


More information about the Gnupg-devel mailing list