signature digest conflict in message

David Shaw dshaw at jabberwocky.com
Wed Apr 4 18:51:48 CEST 2007


On Wed, Apr 04, 2007 at 04:06:37PM +0200, Sebastian Schreiner wrote:
> Hello,
> unfortunately I have problems verifying some signed Mails using GPG for
> Windows and Enigmail with Thunderbird. The problem only affects the
> "Reverify Your Email Address"-mails from the PGP Global Directory. The
> error message reads:
> 
> C:\\Programme\\GNU\\GnuPG\\gpg.exe --charset utf8 --status-fd 1 --batch
> --no-tty --status-fd 2 --verify
> gpg: Signature made 03/30/07 11:33:09 using RSA key ID CA57AD7C
> gpg: WARNING: signature digest conflict in message
> gpg: Can't check signature: general error
> 
> 
> Can somebody help me on this. I didn't manage to find a solution on the web.

This is a known bug with the PGP Global Directory.  Essentially, it
sends out PGP/MIME messages that say "Here comes some data that I
signed with SHA-1", and then says "And here's the signature using
SHA-256".  SHA-1 != SHA-256, so it doesn't work.

I reported the bug a while back.  Presumably it'll be fixed at some
point.

David



More information about the Gnupg-users mailing list