could not check signature

Henk de Bruijn henkdebruijn at wanadoo.nl
Thu Mar 24 07:16:10 CET 2005


On Wed, 23 Mar 2005 23:12:41 -0500GMT (24-3-2005, 5:12 +0100, where I
live), David Shaw wrote:

...<snip>

>>> You get the error when you *send* a message, or when you *verify* a
>>> message?

>> Not while sending, but when I verify a message.
>> 
>>> What happens if you remove the 'digest-algo RIPEMD160' line from
>>> gpg.conf?
>> 
>> If I do that and save the new gpg.conf the second tab shows digest
>> algo default.

> But does the message verify correctly if you remove the 'digest-algo
> RIPEMD160' ?

Simular message:
gpg: Signature made 03/23/05 04:49:07 using DSA key ID DBE6E678
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: general error

...<snip>

> Yes, PGP and GnuPG have a difference in their sig verification
> routines.  GnuPG is more strict to the standard.  PGP actually allows
> you to (for example) present a message that claims to be SHA1 but is
> really RIPEMD160 and will successfully verify it.

> I'm curious how The Bat! verifies PGP/MIME signed messages.  That
> particular error sort of implies that they are constructing a brand
> new OpenPGP message out of the various MIME parts and passing it to
> GnuPG.

I have received several messages that my messages verify ok in/with other
MUA's.

I will add a note on The Bat's bugtracker.

Thanks for all the help.

-- 
Henk
______________________________________________________________________
The Bat!™ Natural Email System v3.0.9.9 Professional on Windows XP SP2
PGPkey available at http://www.biglumber.com/x/web?qs=0x12069B93DBE6E678
Gossamer Spider Web of Trust GSWoT http://www.gswot.org/
A Progressive and Innovative Web of Trust
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 183 bytes
Desc: not available
Url : /pipermail/attachments/20050324/7d585d97/attachment.pgp


More information about the Gnupg-users mailing list