[PATCH] Make update_keysig_packet honour cert-digest-algo
J Cruickshanks
cruicky at cruicky.co.uk
Sun May 10 00:10:10 CEST 2009
Hi there,

Firstly, I should warn you this is the first set of patches I've
submitted for any software ever, so please accept my apologies if
something is out of order. :)

With all the recent SHA-1 related news, I decided to test gpg to ensure
that updated self-signatures used the algorithm specified in
cert-digest-algo. I discovered that gpg takes the digest algorithm from
the previous self-signature. This patch allows this behaviour to be
overridden by using the digest specified by cert-digest-algo. I will be
honest and say that I haven't read the full PGP specification, so this
might be against it, so feedback on this would be welcome.

I have included 2 patches, one against 1.4.9 for people still using
1.4.9 who wish to patch, and a patch against the current SVN. Both
patches have been tested to the point that they produce valid signatures
using an RSA key that can be checked with --check-sigs. The patches were
applied to the current source packages of gnupg and gnupg2 in Ubuntu
Intrepid.

I welcome your feedback on these patches.

Regards
J Cruickshanks
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: update_keysig_packet.diff
URL: </pipermail/attachments/20090509/7ed4c966/attachment.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: update_keysig_packet_svn.diff
URL: </pipermail/attachments/20090509/7ed4c966/attachment-0001.txt>
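A way to check the behaviour described in the message above, added here as an example that is not part of the original post or of GnuPG: it parses `gpg --list-packets` output and reports which digest each self-signature carries, so you can see whether an updated self-signature still uses SHA-1. The function names, key IDs and sample listing are constructed, and the parser assumes the line layout printed by `gpg --export KEYID | gpg --list-packets`.

```python
import re
# OpenPGP hash algorithm IDs (RFC 4880, section 9.4).
DIGESTS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
           9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}
# Certifications 0x10-0x13, subkey binding 0x18, direct-key 0x1f.
SELF_SIG_CLASSES = {0x10, 0x11, 0x12, 0x13, 0x18, 0x1F}
SIG_RE = re.compile(r"^:signature packet: algo \d+, keyid ([0-9A-Fa-f]+)")
UID_RE = re.compile(r'^:user ID packet: "(.*)"')
META_RE = re.compile(r"created (\d+),.*sigclass 0x([0-9A-Fa-f]{2})")
DIGEST_RE = re.compile(r"^\s+digest algo (\d+)")

def self_signatures(listing, primary_keyid):
    # Collect signatures issued by primary_keyid over its own key material.
    uid, cur, found = None, None, []
    for line in listing.splitlines():
        if line.startswith(":"):          # a new packet begins
            cur = None
            m = UID_RE.match(line)
            uid = m.group(1) if m else uid
            m = SIG_RE.match(line)
            if m and m.group(1).upper() == primary_keyid.upper():
                cur = {"uid": uid}
        elif cur is not None:             # detail line of a matching signature
            m = META_RE.search(line)
            if m:
                cur["created"], cur["sigclass"] = int(m.group(1)), int(m.group(2), 16)
            m = DIGEST_RE.match(line)
            if m and cur.get("sigclass") in SELF_SIG_CLASSES:
                cur["digest"] = DIGESTS.get(int(m.group(1)), "unknown")
                found.append(cur)
    return found

def weak_self_signatures(listing, primary_keyid):
    return [s for s in self_signatures(listing, primary_keyid) if s["digest"] in WEAK]

# Constructed sample in the layout of `gpg --list-packets` (not real key data).
SAMPLE = """\
:user ID packet: "Alice <alice@example.org>"
:signature packet: algo 1, keyid 1111222233334444
\tversion 4, created 1200000000, md5len 0, sigclass 0x13
\tdigest algo 2, begin of digest 5a 1c
:signature packet: algo 1, keyid AAAABBBBCCCCDDDD
\tversion 4, created 1210000000, md5len 0, sigclass 0x10
\tdigest algo 2, begin of digest 77 02
:user ID packet: "Alice <alice@example.net>"
:signature packet: algo 1, keyid 1111222233334444
\tversion 4, created 1241900000, md5len 0, sigclass 0x13
\tdigest algo 8, begin of digest 9e 40"""
```

Pass the long key ID of the primary key as `primary_keyid`; signatures from other keys, such as the third-party certification in the sample, are skipped.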
More information about the Gcrypt-devel
mailing list