could not check signature

David Shaw dshaw at jabberwocky.com
Thu Mar 24 05:12:41 CET 2005 

On Thu, Mar 24, 2005 at 03:54:08AM +0100, Henk de Bruijn wrote:
> On Wed, 23 Mar 2005 21:33:18 -0500GMT (24-3-2005, 3:33 +0100, where I
> live), David Shaw wrote:
> 
> > On Thu, Mar 24, 2005 at 03:21:08AM +0100, Henk de Bruijn wrote:
> 
> >> Sorry for not telling relevant information. As you can see in my
> >> signature I am using The Bat! Further I use GnuPG 1.4.1 with GPGShell
> >> 3.40rc2.
> >> In GPGshell under Preferences GnuPG, on the second tab I changed the
> >> digest algo from default to RIPEMD160.
> >> After having kept this change, the gpg.conf has a line:
> >> digest-algo RIPEMD160
> >> 
> >> When I now send messages signed inlined, these messages verify ok but
> >> when I send a message like this one, signed PGP/MIME, I get this error
> >> message.
> 
> > You get the error when you *send* a message, or when you *verify* a
> > message?
> 
> Not while sending, but when I verify a message.
> 
> > What happens if you remove the 'digest-algo RIPEMD160' line from
> > gpg.conf?
> 
> If I do that and save the new gpg.conf the second tab shows digest
> algo default.

But does the message verify correctly if you remove the 'digest-algo
RIPEMD160' ?

> > I see also that you are using The Bat! v3.0.9.9.  That version is a
> > pre-beta that came out yesterday.  You're not the first person who is
> > reporting this error with The Bat! so I'm wondering if the Bat folks
> > changed something internally.
> 
> We are talking about this possibility in tbbeta too.
> 
> But what I find strange is that when I change within
> The Bat! from GnuPG to PGP, these messages verify ok.

Yes, PGP and GnuPG have a difference in their sig verification
routines.  GnuPG is more strict to the standard.  PGP actually allows
you to (for example) present a message that claims to be SHA1 but is
really RIPEMD160 and will successfully verify it.

I'm curious how The Bat! verifies PGP/MIME signed messages.  That
particular error sort of implies that they are constructing a brand
new OpenPGP message out of the various MIME parts and passing it to
GnuPG.

David

More information about the Gnupg-users mailing list