SHA-224 problem

David Shaw dshaw at
Fri Nov 30 05:07:17 CET 2007

On Thu, Nov 29, 2007 at 08:05:15PM -0500, David Shaw wrote:

> I've committed a fix for this for 1.4.8, so that new RSA + SHA-224
> signatures use the right constants.  I've also added some
> bug-compatibility code so that 1.4.8 (and later) will be able to
> verify the old, incorrect signatures.

I should also add that GPG2 does not have this problem as it uses
libgcrypt for its crypto, and libgcrypt does not currently support
SHA-224.  The version of libgcrypt currently in development does have
this problem, but it will be fixed before it is released.


More information about the Gnupg-users mailing list