cleartext signature: digest determination

Hauke Laging mailinglisten at
Wed Jun 19 14:19:51 CEST 2013


In RFC 4880 I read this:

«If the "Hash" Armor Header is given, the specified message digest    
algorithm(s) are used for the signature.  If there are no such headers, MD5 is 

That doesn't make sense to me. I checked a cleartext signature with 
gpg --list-packets and got this:

:signature packet: algo 1, keyid 4CB66C1B33FB59FC
        version 4, created 1364174035, md5len 0, sigclass 0x01
        digest algo 2, begin of digest a1 0d
        hashed subpkt 2 len 4 (sig created 2013-03-25)
        subpkt 16 len 8 (issuer key ID 4CB66C1B33FB59FC)
        data: [4093 bits]

This looks like a normal signature packet to me, and it does contain the used 
digest algo. So why should it be necessary to write the used digest into the 
cleartext part? Is that a compatibility issue with older OpenPGP versions? 
Usually that is mentioned but not in the text I quoted.

PGP: 7D82 FB9F D25A 2CE4 5241 6C37 BF4B 8EEF 1A57 1DF5 (since 2012-11-04)
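
Added example, not part of the original post: Python that reads the digest algorithm from both places discussed above, the "Hash" armor header and the signature packet, and compares them. The message is constructed; its packet fields mirror the gpg --list-packets output above, the MPI is a dummy (so the signature would not verify), and all function names are hypothetical.

```python
import base64, struct

# Hash algorithm IDs, RFC 4880 section 9.4
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

def build_sample(hash_header="SHA1"):
    """Constructed message: fields mirror the listing above, the MPI is a dummy."""
    hashed = bytes([5, 2]) + struct.pack(">I", 1364174035)         # subpkt 2, sig created
    unhashed = bytes([9, 16]) + bytes.fromhex("4CB66C1B33FB59FC")  # subpkt 16, issuer
    body = (bytes([4, 0x01, 1, 2])            # version, sigclass, pubkey algo, digest algo
            + struct.pack(">H", len(hashed)) + hashed
            + struct.pack(">H", len(unhashed)) + unhashed
            + bytes.fromhex("a10d") + struct.pack(">H", 8) + b"\x80")  # digest start, MPI
    packet = bytes([0x89]) + struct.pack(">H", len(body)) + body   # old format, tag 2
    header = f"Hash: {hash_header}\n" if hash_header else ""
    return ("-----BEGIN PGP SIGNED MESSAGE-----\n" + header + "\nconstructed text\n"
            "-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(packet).decode()
            + "\n-----END PGP SIGNATURE-----\n")

def declared_hashes(armored):
    """Digest names from the "Hash" armor header(s); MD5 if absent (RFC 4880 section 7)."""
    names = []
    for line in armored.split("-----BEGIN PGP SIGNED MESSAGE-----\n", 1)[1].splitlines():
        if not line.strip():                  # blank line ends the armor headers
            break
        key, _, value = line.partition(":")
        if key == "Hash":
            names += [v.strip().upper() for v in value.split(",")]
    return names or ["MD5"]

def packet_hash(armored):
    """Digest name stored in the signature packet itself (v3 or v4)."""
    sig = armored.split("-----BEGIN PGP SIGNATURE-----")[1].split("-----END")[0]
    lines = sig.splitlines()
    data = [l for l in lines[lines.index("", 1) + 1:] if not l.startswith("=")]  # skip CRC
    raw = base64.b64decode("".join(data))
    if raw[0] & 0x40:   # new-format header (partial lengths are not allowed for signatures)
        ptype, off = raw[0] & 0x3F, 2 if raw[1] < 192 else 3 if raw[1] < 224 else 6
    else:               # old-format header: length type 0, 1 or 2
        ptype, off = (raw[0] >> 2) & 0x0F, 1 + (1, 2, 4)[raw[0] & 3]
    if ptype != 2:
        raise ValueError("first packet is not a signature packet")
    body = raw[off:]
    return HASH_NAMES[body[{3: 16, 4: 3}[body[0]]]]   # hash algo octet: v3 at 16, v4 at 3

def check(armored):
    declared, actual = declared_hashes(armored), packet_hash(armored)
    return actual in declared, declared, actual
```

check() returns whether the packet's digest algorithm is among those the header declares, followed by both values.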
More information about the Gnupg-users mailing list