gpg error messag

David Shaw dshaw at
Mon Nov 6 14:17:44 CET 2006

On Mon, Nov 06, 2006 at 11:19:18AM +0100, Patrick Brunschwig wrote:
> Jim Dever wrote:
> > David Shaw wrote:
> > 
> > 
> >> You might be able to manipulate things into verifying the signature by
> >> editing the file to change the SHA1 string to SHA256, but the real
> >> problem is probably in whatever program generated the message.
> > 
> > Thanks!  I thought that might be the problem although I didn't know how
> > to determine what hash the message was actually using.  What's
> > ridiculous is that the message was produced by the PGP Global Directory
> > keyserver.  The message is PGP/MIME in HTML format and I don't even see
> > a HASH string in the message source at all.
> The  hash string should be in the message header, something like
> Content-Type: multipart/signed; micalg=pgp-sha1;
> 	protocol="application/pgp-signature";
> I'm pretty sure that something is defined -- Enigmail will not try to
> verify the message if no hash algorithm is provided.

Ah, I recall this problem.  I reported it to the PGP GD people quite a
while ago, and I thought it had been fixed.  The GD was generating a
PGP/MIME micalg setting of pgp-sha1, but the actual signature was
being made with SHA256.


More information about the Gnupg-users mailing list