Problems with interpolibility between GnuPG and PGP when using SHA384-SHA512 hashes

David Shaw dshaw at
Thu Jun 17 14:56:17 CEST 2004

On Wed, Jun 16, 2004 at 12:09:59PM -0600, Joe Vender wrote:

> Is there some internal incompatibility between the SHA512 and SHA384
> hashs in GnuPG and the same hashes in the new PGP sdk 3.x of PGP
> 8.x?  According to information at
> , the new PGP sdk 3.x supports
> the large hash functions including SHA256, SHA384 and
> SHA512. However, when I sign a message in GnuPG 1.2.5rc2 (with
> SHA512 compiled read/write for testing) using SHA512 as the hash,
> PGP returns "BAD Signature" when verifying. Same with SHA384 signed
> GnuPG messages. PGP *DOES* verify signatures correctly when GnuPG
> uses SHA256 as the hash. Any idea what the problem might be?

It's an open question, and one of the reasons (aside from the need for
a compiler that can handle 64-bit math), that the 512 and 384 hashes
are not enabled by default.

The implementation in GnuPG matches all of the SHA test vectors, so I
doubt there is a implementation bug.  I suspect that PGP 8 doesn't
allow for these hashes for some reason, but don't know for sure.


More information about the Gnupg-devel mailing list