[PATCH] Make update_keysig_packet honour cert-digest-algo

J Cruickshanks cruicky at cruicky.co.uk
Sun May 10 17:11:09 CEST 2009


Hi there,

Firstly, I should warn you this is the first set of patches I've
submitted for any software ever, so please accept my apologies if
something is out of order.  :)

With all the recent SHA-1 related news, I decided to test gpg to ensure
that updated self-signatures used the algorithm specified in
cert-digest-algo. I discovered that gpg takes the digest algorithm from
the previous self-signature. This patch allows this behaviour to be
overridden by using the digest specified by cert-digest-algo. I will be
honest and say that I haven't read the full PGP specification, so this
might be against it, so feedback on this would be welcome.

I have included 2 patches, one against 1.4.9 for people still using
1.4.9 who wish to patch, and a patch against the current SVN. Both
patches have been tested to the point that they produce valid signatures
using an RSA key that can be checked with --check-sigs. The patches were
applied to the current source packages of gnupg and gnupg2 in Ubuntu
Intrepid.

I welcome your feedback on these patches.

Regards
J Cruickshanks

P.S. Sorry to the people on the gcrypt-devel list for sending it to the
wrong list first. :)
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: update_keysig_packet.diff
URL: </pipermail/attachments/20090510/45ab3c32/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: update_keysig_packet_svn.diff
URL: </pipermail/attachments/20090510/45ab3c32/attachment-0001.txt>
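
To check which digest algorithm a key's self-signatures actually carry, which is the behaviour the message above is about, this added example (not part of the original message or of GnuPG) parses output in the style of `gpg --list-packets` and reports the digest of the newest self-signature per user ID. The sample listing, key IDs and function names are constructed for illustration, and the parser assumes the classic `--list-packets` line layout.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
DIGESTS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
           9: "SHA384", 10: "SHA512", 11: "SHA224"}

# Constructed sample in the layout of `gpg --list-packets` output;
# key IDs, timestamps and digest bytes are made up.
SAMPLE = """\
:public key packet:
\tversion 4, algo 1, created 1200000000, expires 0
:user ID packet: "Alice Example <alice@example.org>"
:signature packet: algo 1, keyid 1111111111111111
\tversion 4, created 1200000000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 5a 3c
:signature packet: algo 1, keyid 1111111111111111
\tversion 4, created 1241968269, md5len 0, sigclass 0x13
\tdigest algo 8, begin of digest 9f 01
:signature packet: algo 1, keyid 2222222222222222
\tversion 4, created 1230000000, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest 77 aa
"""

SIG_RE = re.compile(r"keyid ([0-9A-Fa-f]+)\s+version \d+, created (\d+), "
                    r"md5len \d+, sigclass 0x([0-9A-Fa-f]+)\s+digest algo (\d+)")

def certifications(listing):
    """Return (uid, keyid, created, digest) for each certification signature."""
    uid, found = None, []
    # One chunk per packet: a ':' header line plus its indented detail lines.
    for packet in re.findall(r"^:.*(?:\n(?!:).*)*", listing, flags=re.M):
        if packet.startswith(":user ID packet:"):
            uid = packet.split('"')[1]
        sig = SIG_RE.search(packet) if packet.startswith(":signature packet:") else None
        if sig and 0x10 <= int(sig.group(3), 16) <= 0x13:  # certification classes
            algo = int(sig.group(4))
            found.append((uid, sig.group(1).upper(), int(sig.group(2)),
                          DIGESTS.get(algo, "algo %d" % algo)))
    return found

def newest_self_sig_digest(listing, primary_keyid):
    """Map each user ID to the digest of its most recent self-signature."""
    newest = {}
    for uid, keyid, created, digest in certifications(listing):
        if keyid == primary_keyid.upper() and created >= newest.get(uid, (0, ""))[0]:
            newest[uid] = (created, digest)
    return {uid: digest for uid, (_, digest) in newest.items()}

if __name__ == "__main__":
    for uid, digest in newest_self_sig_digest(SAMPLE, "1111111111111111").items():
        print(("WEAK " if digest in ("MD5", "SHA1") else "ok   ") + digest + "  " + uid)
```

On a real key, the listing would come from exporting the key and piping it through `gpg --list-packets`; third-party certifications (the second key ID in the sample) are parsed but ignored when picking the newest self-signature.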

