WARNING: signature digest conflict in message ?
dshaw at jabberwocky.com
Thu Sep 25 14:54:58 CEST 2008
On Sep 25, 2008, at 8:05 AM, Matija Nalis wrote:
> I did most of the testing with default debian Etch gnupg 1.4.6-2,
> but I've also verified that problem exists is gnupg 1.4.9-3
> The problem is if one uses clearsign format without "Hash:" line, and
> the actual hash used is *not* MD5, the "gpg --verify" fails with:
> gpg: WARNING: signature digest conflict in message
> gpg: Can't check signature: general error
> If one uses detached signatures, the gpg correctly guess hash used
> from the signature, uses that, and correctly verifies message.
> If one uses clearsign signature, but without "Hash:" line, it
> fails, unless the hash happens to be MD5.
This is specified in RFC-4880:
If the "Hash" Armor Header is given, the specified message digest
algorithm(s) are used for the signature. If there are no such
headers, MD5 is used. If MD5 is the only hash used, then an
implementation MAY omit this header for improved V2.x compatibility.
> Would it be possible in such a case to try to deduce the hash used
> from signature, before (or instead of) falling back to assuming it is
> MD5 ? I see no reason why it couldn't be possible.
Verifying a clear signature uses the Hash: header to set up the hash
context, then the data is hashed, then the signature is read - in that
order. If GPG is getting the clear signatures in a stream it would
have to buffer all the data until it finds out what the hash is by
reading the signature, then go back and hash the data. If the data is
large, that may not be possible.
>  Yes, I know it would work if the "Hash: SHA1" line was present
> after "-----BEGIN PGP SIGNED MESSAGE-----", and while I could
> easily fix it in my server, there are tons of other places where
> it probably won't be fixed (long story - the software is INN's
> pgpverify < 1.23)
What is generating these messages in the first place? Why not fix
that? I know your sample message was signed by GPG, but GPG puts the
right Hash headers in. Is something stripping them out?
More information about the Gnupg-devel