RFC 2015

Albrecht Dreß albrecht.dress at arcor.de
Sat Oct 28 18:18:59 CEST 2006

Am 27.10.06 18:20 schrieb(en) Nicholas Cole:
> The RFC for PGP/MIME email specifies that the type of signature used
> must be specified as "pgp-md5" or "pgp-sha1" when creating signed-only
> messages.
> Is there an updated version now that the OpenPGP spec lets one use
> other alogorithms?

RFC 2015 has been updated by RFC 3156 <http://www.ietf.org/rfc/rfc3156> in  
2001.  Quoting from Sect. 5 "OpenPGP signed data":

    The "micalg" parameter for the "application/pgp-signature" protocol
    MUST contain exactly one hash-symbol of the format "pgp-<hash-
    identifier>", where <hash-identifier> identifies the Message
    Integrity Check (MIC) algorithm used to generate the signature.
    Hash-symbols are constructed from the text names registered in [1] or
    according to the mechanism defined in that document by converting the
    text name to lower case and prefixing it with the four characters

    Currently defined values are "pgp-md5", "pgp-sha1", "pgp-ripemd160",
    "pgp-md2", "pgp-tiger192", and "pgp-haval-5-160".

Cheers, Albrecht.

  Albrecht Dreß  -  Johanna-Kirchner-Straße 13  -  D-53123 Bonn (Germany)
        Phone (+49) 228 6199571  -  mailto:albrecht.dress at arcor.de
   GnuPG public key:  http://www.mynetcologne.de/~nc-dreszal/pubkey.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20061028/ea73b6c9/attachment.pgp

More information about the Gnupg-devel mailing list