GPG 1.4.1 and RIPEMD160 problem
David Shaw
dshaw at jabberwocky.com
Wed Mar 23 18:05:06 CET 2005
On Wed, Mar 23, 2005 at 05:55:56PM +0100, Martin Schoch wrote:
> Hello,
>
> is there a known problem with the new version GnuPG 1.4.1 with
> hash RIPEMD160?
>
> I got a message which was signed with RIPEMD160 and got the error
> message from gpg when I wanted to verify the signature:
>
> gpg: Signature made 03/23/05 13:21:07 using DSA key ID DBE6E678
> gpg: WARNING: signature digest conflict in message
> gpg: Can't check signature: general error
>
> Or does the sender something wrong with the GnuPG setup?
There are two ways this could happen - one, a clearsigned message that
has a "Hash:" header that doesn't match the actual hash used in the
signature, and two, a onepass signed message that claims to be one
hash, but is actually another.
In short, this is a bad message. What program generated it?
David
More information about the Gnupg-devel
mailing list