Problems with interoperability between GnuPG and PGP when using SHA384-SHA512 hashes
Joe Vender
jvender at owensboro.net
Fri Jun 18 05:33:06 CEST 2004
I've just heard back from Will Price. Here's his statement. It's as you
suspected. The SDK has the large hash capability at a low level, but
the frontends don't officially support them.
*** PGP SIGNATURE VERIFICATION ***
*** Status: Good Signature
*** Signer: Will Price <wprice at pgp.com> (0xCF73EC4C)
*** Signed: 6/17/04 8:14:58 PM
*** Verified: 6/17/04 9:30:24 PM
*** BEGIN PGP DECRYPTED/VERIFIED MESSAGE ***
We don't officially support any of the new hashes in message
encoding/decoding even though the SDK may provide access to the
low-level algorithms and you may find that some usages of these things
more or less work in the front ends. We'll look into this at some
point.
On Jun 17, 2004, at 12:06 PM, Joe Vender wrote:
> Hello Will,
> I notice that at <http://www.pgp.com/products/sdk.html>, PGP Corp
> states that PGPSDK 3.0 handles the large SHA2 hash functions including
> SHA384 & SHA512. Are these enabled in the freeware build?
>
> I've been personally testing GnuPG against PGP. Having compiled GnuPG
> with the three SHA2 hashes enabled read/write, I've found that PGP 8.1
> freeware returns "Bad Signature" when verifying a GnuPG signed message
> which was signed using either SHA384 or SHA512 as the hash. PGP 8.1
> will, however, verify a GnuPG signed message which was signed using
> SHA256. Any idea what is going on here? Thanks.
>
> Best,
> Joe
--
Will Price, VP Engineering
PGP Corporation
*** END PGP DECRYPTED/VERIFIED MESSAGE ***