Hash selection defaults

Simon Josefsson simon+kde@josefsson.org
Fri Oct 11 11:54:02 2002

Any chance the hash guessing defaults could be modified to work on
messages without "Hash: FOO"?  I guess it would require hashing data
using all supported algorithms.  Or is the sender non-conformant

Verifying the message below generates the following:

gpg: Signature made Tue Oct  8 11:49:54 2002 CEST using DSA key ID 797A9091
gpg: WARNING: signature digest conflict in message
gpg: BAD signature from "[?]"

but if I insert Hash: SHA1 it works.

I'm using gpg 1.3 from CVS a week ago or so if it matters.



  I have run into some trouble with KMail, gpg and pgp5i. I will expose the

I usually use pgp5i and have exported my public key to a keyserver. Before
doing that I checked that using PGP5i in different machines and with
different identities KMail worked fine, detecting the validity of signatures.

 The problem arises when people who only use GnuPG import my public key from
the keyserver. All emails from my address appear in Red in their Mail folders
and with a "Warning: The signature is bad" message. These people use, under
KMail  -> Settings -> Security -> OpenPGP option "Select encryption tool to
use: GnuPG".

 If the previous option is set to: "Autodetect", then the email will appear in
yellow with a "The validity of the signature can't be verified" message.

However if one only uses KMail with PGP5 (for which one imports my public key
from the keyserver) the emails appear in green and with a "The signature is
valid and the key is fully trusted" message.

 Is there some kind of incompatibilty between GnuPG and PGP5i?. Is this a
KMail problem which, when using GnuPG does not recognize the validity of
messages signed with PGP5i?.

On the other hand Kmail works fine the other way round, that is messages
signed with GnuPG are correctly verified.

Any ideas?

Pablo de Vicente.

Version: PGPfreeware 5.0i for non-commercial use
MessageID: BS2TIf27uBlIHFXSqOHkx4HLS4m+jkER