GPG 1.4.1 and RIPEMD160 problem

David Shaw dshaw at
Wed Mar 23 18:05:06 CET 2005

On Wed, Mar 23, 2005 at 05:55:56PM +0100, Martin Schoch wrote:
> Hello,
>   is there a known problem with the new version GnuPG 1.4.1 with
>   hash RIPEMD160?
>   I got a message which was signed with RIPEMD160 and got the error
>   message from gpg when I wanted to verify the signature:
> gpg: Signature made 03/23/05 13:21:07 using DSA key ID DBE6E678
> gpg: WARNING: signature digest conflict in message
> gpg: Can't check signature: general error
>   Or does the sender something wrong with the GnuPG setup?

There are two ways this could happen - one, a clearsigned message that
has a "Hash:" header that doesn't match the actual hash used in the
signature, and two, a onepass signed message that claims to be one
hash, but is actually another.

In short, this is a bad message.  What program generated it?


More information about the Gnupg-devel mailing list