GnuPG 1.3.4 SHA256 problem?
dshaw at jabberwocky.com
Tue Dec 2 20:17:51 CET 2003
-----BEGIN PGP SIGNED MESSAGE-----
On Tue, Dec 02, 2003 at 06:46:18PM -0600, Joe Vender wrote:
> |> When using the SHA256 hash with the DSA key, I was prompted for
> |> a passphrase, which led me to believe that the settings would
> |> work, and the partial output was confusing, since I wasn't aware
> |> that it wouldn't work. When the SHA256 hash is released
> |> (read/write) as part of the next production stable gnupg, new
> |> gpg users will probably make the same mistake trying to use
> |> SHA256 with a DSA key.
> | I'm not sure I get this. You tried something that is impossible, and
> | you got an error message ("DSA requires the use of a 160 bit hash
> | algorithm") saying so. Where's the problem?
> The problem isn't that I got an error message because I did something
> that is impossible. It's that gpg created partial, incomplete output
> when it was asked to do something that is impossible. gpg output the
> following when trying to clearsign the word 'test'
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> and then failed, when it would make more sense for it to not create
> any output, but instead, just fail if it is asked to do something
> impossible. The processing made it through the creation of the
> message header and the text that was to be signed before
> failing. This is what I meant.
I see. In this particular case it is possible to check, but this is
not always possible as some error conditions happen during processing.
GnuPG, unlike PGP, is stream based, so do not rely on the appearance
of an output file as an indication that something worked.
GnuPG worked properly here. It gave an error message, and it returned
with a non-zero return code. If the return code isn't zero, the
output file is meaningless.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.5-cvs (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----
More information about the Gnupg-devel