Fixing honoring --cert-digest-algo when recreating a cert
Christian Aistleitner
christian at quelltextlich.at
Sun Oct 14 20:27:00 CEST 2012
Dear list,
when updating a keysig packet, and the original keysig's algorithm and
the algorithm of --cert-digest-algo differ,
g10/sign.c:update_keysig_packet does not properly respect
--cert-digest-algo, but instead:
* For STABLE-BRANCH-1-4:
Creates a keysig packet carrying the orignal keysig's algorithm
identifier in the hashed data, but computes the hash using
--cert-digest-algo's algorithm, which results in a broken keysig
packet.
* For master, and STABLE-BRANCH-2-0:
--cert-digest-algo gets straight away ignored. The resulting signature
is valid, however uses the original keysig's algorithm.
The followup emails contain patches fixing the issue for those three
branches.
All the best,
Christian
--
---- quelltextlich e.U. ---- \\ ---- Christian Aistleitner ----
Companies' registry: 360296y in Linz
Christian Aistleitner
Gruendbergstrasze 65a Email: christian at quelltextlich.at
4040 Linz, Austria Phone: +43 732 / 26 95 63
Fax: +43 732 / 26 95 63
Homepage: http://quelltextlich.at/
---------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20121014/b25dce01/attachment.pgp>
More information about the Gnupg-devel
mailing list