gnupg, news and Signature Verify

Hanno 'Rince' Wagner wagner at rince.de
Thu Mar 2 15:38:45 CET 2006


Hi,

I try to establish a way to sign my NewsPostings and - more
interesting - also to verify the messages posted by other people.
Since I am using new keys, the digest algorithm is SHA1 - which I
also use. But gpg seem to have a problem with the signed message (I
can not see why).

I have put the message on http://texte.rince.de/newssig.asc to
verify for everyone. When I do a "gpg --verify --verbose", I get the
following:

-----
$ gpg --verbose --verify newssig.asc
gpg: armor header: Version: GnuPG-v1.4.1
gpg: original file name=''
gpg: Signature made Thu Mar  2 14:44:15 2006 CET using DSA key ID 0B707552
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: general error
-----

pgpdump sais that the digest-algorithm is SHA1 and valid:
-----
$ pgpdump newssig.asc
[..]
        Pub alg - DSA Digital Signature Algorithm(pub 17)
	Hash alg - SHA1(hash 2)
[..]

Can anyone tell me why gpg sees a digest conflict in that message?

I'd understand if the signature would be bad or wrong, but
apparently it can not check wether the signature is valid.

Ciao, Hanno
-- 
|  Hanno Wagner  | Member of the HTML Writers Guild  | Rince at IRC      |
| Eine gewerbliche Nutzung meiner Email-Adressen ist nicht gestattet! |
| 74 a3 53 cc 0b 19 - we did it!          |    Generation @           |
#"Das Faxe ist alle und jetzt sitze ich hier mit T-Shirt und Krawatte..."
#	-- sven at joliet.deceiver.org (Sven Hoffmann)  erklärt das Binden
#	   von Krawatten



More information about the Gnupg-users mailing list