Fixing honoring --cert-digest-algo when recreating a cert

Christian Aistleitner christian at
Sun Oct 14 20:27:00 CEST 2012

Dear list,

when updating a keysig packet, and the original keysig's algorithm and
the algorithm of --cert-digest-algo differ,
g10/sign.c:update_keysig_packet does not properly respect
--cert-digest-algo, but instead:

Creates a keysig packet carrying the orignal keysig's algorithm
identifier in the hashed data, but computes the hash using
--cert-digest-algo's algorithm, which results in a broken keysig

* For master, and STABLE-BRANCH-2-0:
--cert-digest-algo gets straight away ignored. The resulting signature
is valid, however uses the original keysig's algorithm.

The followup emails contain patches fixing the issue for those three

All the best,

---- quelltextlich e.U. ---- \\ ---- Christian Aistleitner ----
                           Companies' registry: 360296y in Linz
Christian Aistleitner
Gruendbergstrasze 65a        Email:  christian at
4040 Linz, Austria           Phone:          +43 732 / 26 95 63
                             Fax:            +43 732 / 26 95 63
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20121014/b25dce01/attachment.pgp>

More information about the Gnupg-devel mailing list