Enigmail.js errors seen on Console log
David Shaw
dshaw at jabberwocky.com
Tue Nov 20 04:38:14 CET 2007
On Mon, Nov 19, 2007 at 07:18:06PM -0600, Robert J. Hansen wrote:
> Robert D. wrote:
> > I was just looking at the Apple's Console log and saw these. I was
> > wondering what caused them and what I could set to "not" cause them
>
> These errors occur when the digest algorithm the message claims it's
> using isn't the same as the one it's actually using; or if it uses an
> algorithm other than one which must be used. E.g., you could (pre-DSA2
> support in GnuPG) get this error message if you attempted to process a
> message that had a DSA signature using SHA256 as opposed to SHA-1 or
> RIPEMD160.
That's not completely true. The first part is true: the error is from
a message that claims to use one hash, but actually uses a different
one. The error does not mean that the wrong algorithm was used for
DSA.
> Looking at key 0xBA279E56, it appears to be a DSA-1024 signing key. How
> much do you want to bet they're using DSA2 and you don't have
> enable-dsa2 in your gpg.conf?
DSA2 in GPG doesn't work that way. --enable-dsa2 only controls
whether you are able to issue a DSA2 signature. It does not have any
impact on whether you are able to verify someone elses DSA2 signature.
I've seen this error before - the cause back then was a PGP/MIME
signed message where the micalg field in the email header was set to
one hash, and the actual signed data was different.
David
More information about the Gnupg-users
mailing list