GPG 1.4.1 and RIPEMD160 problem

Atom Smasher atom at
Thu Mar 24 05:20:34 CET 2005

On Wed, 23 Mar 2005, David Shaw wrote:

> There are two ways this could happen - one, a clearsigned message that 
> has a "Hash:" header that doesn't match the actual hash used in the 
> signature, and two, a onepass signed message that claims to be one hash, 
> but is actually another.

use "pgpdump" or "gpg --list-packets" to see what hash the signature 
~really~ uses.


  PGP key -
  762A 3B98 A3C3 96C9 C6B7 582A B88D 52E4 D9F5 7808

 	When cryptography is outlawed,

More information about the Gnupg-devel mailing list