dshaw at jabberwocky.com
Fri Nov 30 05:07:17 CET 2007
On Thu, Nov 29, 2007 at 08:05:15PM -0500, David Shaw wrote:
> I've committed a fix for this for 1.4.8, so that new RSA + SHA-224
> signatures use the right constants. I've also added some
> bug-compatibility code so that 1.4.8 (and later) will be able to
> verify the old, incorrect signatures.
I should also add that GPG2 does not have this problem as it uses
libgcrypt for its crypto, and libgcrypt does not currently support
SHA-224. The version of libgcrypt currently in development does have
this problem, but it will be fixed before it is released.
More information about the Gnupg-users