signature digest conflict in message
David Shaw
dshaw at jabberwocky.com
Wed Apr 4 18:51:48 CEST 2007
On Wed, Apr 04, 2007 at 04:06:37PM +0200, Sebastian Schreiner wrote:
> Hello,
> unfortunately I have problems verifying some signed Mails using GPG for
> Windows and Enigmail with Thunderbird. The problem only affects the
> "Reverify Your Email Address"-mails from the PGP Global Directory. The
> error message reads:
>
> C:\\Programme\\GNU\\GnuPG\\gpg.exe --charset utf8 --status-fd 1 --batch
> --no-tty --status-fd 2 --verify
> gpg: Signature made 03/30/07 11:33:09 using RSA key ID CA57AD7C
> gpg: WARNING: signature digest conflict in message
> gpg: Can't check signature: general error
>
>
> Can somebody help me on this. I didn't manage to find a solution on the web.
This is a known bug with the PGP Global Directory. Essentially, it
sends out PGP/MIME messages that say "Here comes some data that I
signed with SHA-1", and then says "And here's the signature using
SHA-256". SHA-1 != SHA-256, so it doesn't work.
I reported the bug a while back. Presumably it'll be fixed at some
point.
David
More information about the Gnupg-users
mailing list