algorithm 11 mistake mac

David Shaw dshaw at jabberwocky.com
Tue Jul 7 23:04:37 CEST 2009


On Jul 7, 2009, at 4:45 PM, Charly Avital wrote:
> According to previous posts and result of tests, it seems that the  
> problem is with GPGMail signing with OpenPGP/MIME *and* SHA224.
>
> OpenPGP/MIME is set by default when sending a message with an  
> attachment, or a multi-part message (e.g. HTML format).
>
> You'd better check your gpg.conf, and:
> disable the option digest-algo SHA224
>
> and use instead:
> digest-algo SHA256

No, never use digest-algo.  It is almost always the wrong answer, and  
causes a lot of pain and breakage in its wake.

He likely doesn't have any digest-algo set anyway - his key is a 2048-bit  
DSA key, which defaults to SHA-224 as its hash.  To override that,  
use "personal-digest-preferences sha256" in the gpg.conf file, but  
note that it may or may not work within gpgmail (it depends on how  
gpgmail picks digests), and also note that it's chopping sha256 down  
to 224 bits to fit.

However you cut it, the proper fix here needs to be in gpgmail.

David
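
Added example, not part of the original message or of GnuPG/GPGMail: a small audit that reports whether a gpg.conf forces a hash with digest-algo or only states a preference with personal-digest-preferences, the two settings contrasted in the reply above. The function name, exit codes and sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): flag forced digest overrides
# in a gpg.conf. Exit status: 0 = none found, 1 = digest-algo set, 2 = unreadable.
audit_gpg_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        $1 == "digest-algo" {                   # hard override: what the reply warns against
            printf "%d: FORCED digest-algo %s\n", NR, $2
            forced = 1
        }
        $1 == "personal-digest-preferences" {   # preference list: the suggested route
            prefs = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", prefs)
            printf "%d: PREF   personal-digest-preferences %s\n", NR, prefs
        }
        END { exit forced + 0 }
    ' "$conf"
}

# Constructed sample config, for demonstration only.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# digest-algo SHA1
digest-algo SHA224
personal-digest-preferences SHA256 SHA384
EOF
audit_gpg_conf "$sample" || echo "digest-algo is set; remove it and rely on personal-digest-preferences"
rm -f "$sample"
```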



