algorythm 11 mistake mac

Charly Avital shavital at
Tue Jul 7 12:00:56 CEST 2009

Friedrich Fuhr wrote the following on 7/7/09 2:55 AM:
> Hello to all. 
> I have a Problem:
> When i try to send a signed mail message i get a window with the
> following text:
> internal failure: the hash algorithmus 11 is not allowed with rfc3156
> the message couldn´t signed with gpg
> system:
> mac os x 10,5,6 
> gpgmail 1.2.0
> gpgpreferences 1.2.2
> macgpg 2-2.0.12
> background:
> i made 2 new keys for 2 different email-adresses.
> i forgot the passphrase without having a revocation possibility
> i deleted both keys 
> #then i made a new one with one of the addresses
> from this point on the mentioned above mistake happened. 
> as long as i remembered my passphrase everything worked fine.
> what ca i do to solve the problem?
> may i uninstall everything?
> thank you very much for your patience
> and your help
> Friedrich Fuhr
> ffuhr at <mailto:ffuhr at>

Hi Friedrich,

Server server shows:

(1)	Friedrich Fuhr <ffuhr at>
	  2048 bit DSA key 339FBBAE, created: 2009-07-03
(2)	Friedrich Fuhr (Friedrich Fuhr (privat)) <ffuhr at>
	  1024 bit DSA key 911BEFC3, created: 2009-06-23

Some information about your public keys:

Is key (1) the new one you generated after deleting (in your keyring)
the previous two keys whose passphrase you had forgotten? Is this the
key you are using now as your default key?

Is key (2) valid, or have you deleted it (in your keyring)?

Since you are using GPGPreferences, please go to System
Preferences/GnuPG, click on the last bezel 'Expert'. This will display,
in graphical form, the contents of your gpg.conf file.

Please check whether 'rfc 3156' is enabled (the small square button at
the left of rfc 3156 is marked.

If it is, please unmark it.

If you have already an option named simply 'gnupg', and the small square
button is not marked, please mark it.

If not, please add a new option, name it gnupg and enable it (use the
square with the plus + sign at the bottom of the window.

Please check what 'digest-also' you are using.

If your key is 339FBBAE, I suggest you use SHA256, since that key is a
DSA2 key, and it will enable you to use SHA256.

Errors that mention 'algorithm 11' usually refer to algorithm H11
(SHA224), and *there might be* (I am not sure) some kind of problem
between hash algorithm SHA224 and RFC 3156 (related to OpenPGP MIME).
Again I insist: I am not sure about this SHA224 issue, but I remember
that a few years ago, it created problems. But that was some time ago,
and there shouldn't be any problems now.

Finally, please note that there are specific mailing lists for GPGMail
and MacGPG2 users.


More information about the Gnupg-users mailing list