clearsign failed: Bad signature

John Ruff jcruff at
Tue Dec 21 13:59:16 CET 2010

On Dec 19, 2010, at 6:16 PM, David Shaw wrote:

> On Dec 17, 2010, at 11:22 AM, Chris Ruff wrote:
>> On Sat, 2010-12-11 at 14:57 +0100, Olav Seyfarth wrote:
>>> My key: OpenPGP SmartCard v2 key 0x6AE1EF56 (3072 Bit RSA) Card  
>>> 0005 00000222
>>> Why can't I use SHA256/SHA512 with this card?
>>> | enable-dsa2
>>> is set and showpref lists
>> The documentation for OpenPGP v2 smartcard states that only  
>> RIPEMD-160 &
>> SHA-1 are supported as a digest algorithm at this point in time.   
>> You'll
>> have to change your digest prefs accordingly to use the card.
>> excert from doc:
>> "Cards with Version < 2.0 sup port RIPEMD-160 and SHA-1 only and may
>> check it, so other hash algorithms cannot be
>> used."
>> Although I assume it should say =<2.0.  Feedback from others if  
>> this was
>> a typo in teh doc and should be =<2.0?
> That is not a typo.  The v2 card works just fine with other  
> algorithms.  If it isn't working for you, then there may be an  
> issue, but it is not related to the fact that you are using a v2 card.
> David

Interesting, but yes, when I attempt to sign with SHA256 I receive  
'gpg: signing failed: Bad signature'.  I seem to recall a discussion  
around this and it wasn't the signing that was failing but rather the  
post validation check of the newly made signature.  I could be wrong.

Chris Ruff
jcruff at
GPG Key: 0x307A351B4EC4B6A1
FGPR: BF2F 2497 22E7 FEB5 C805
       075C 307A 351B 4EC4 B6A1

"No one can see past a choice they don't understand." --The Oracle

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 527 bytes
Desc: This is a digitally signed message part
URL: </pipermail/attachments/20101221/c6904adc/attachment.pgp>

More information about the Gnupg-users mailing list