Aw: Re: [Announce] GnuPG 2.0.2 released
Albrecht Dreß
albrecht.dress at arcor.de
Mon Feb 5 11:02:29 CET 2007
> > Werner, Gnus isn't correctly setting the PGP/MIME headers so your
> > signature isn't verifying...
>
> Sorry, I can't confirm that. Gnus verifies the message correctly as
> well as Mutt does. Note that Mailman adds an extra container around
> any signed mail to not break the signature - thus only the inner part
> is signed and Mutt (using set crypt_use_gpgme) displays "Part of this
> message has not been signed".
I can confirm this problem when trying to verify the message with Balsa, which also uses gpgme. The problem is apparently that Gnus violates RFC 3156 [1], section 5 which states that
The "micalg" parameter for the "application/pgp-signature" protocol
MUST contain exactly one hash-symbol of the format "pgp-<hash-
identifier>", where <hash-identifier> identifies the Message
Integrity Check (MIC) algorithm used to generate the signature.
Gnus omits the "pgp-" in the micalg parameter.
Cheers, Albrecht.
[1] http://www.ietf.org/rfc/rfc3156
Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur 44,85 € inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2
More information about the Gnupg-devel
mailing list