[Gpg4win-users-en] Gpg4win 2.1.1. beta 197

Bob Henson oldbob at oldbob.co.uk
Tue May 28 11:29:26 CEST 2013

On 23/05/2013 11:03 AM, Andre Heinecke wrote:
> Hi,
> On Thursday 23 May 2013 11:52:08 Bob Henson wrote:
>> Out of interest, and relating to this same problem, your message to
>> which I am replying here works fine with Thunderbird/Enigmail - it shows
>> the usual turquoise bar at the top of the screen and the "Good
>> Signature" message. The message that you posted this morning about
>> "Gpg4win on Windows 8" did not - the signature shows up at the bottom of
>> the screen as an attachment, and if I try to open it, it gives me a "bad
>> Signature" message. I see they were both written with Kmail, so they
>> should not be any different, so perhaps it is Thunderbird/Enigmail that
>> is at fault. As Enigmail intercepts the messages before Thunderbird gets
>> hold of them, I can't see why that should be though - perhaps this one
>> is just a fluke.
> Yes this is interesting, I am using a very old and stable version of Kmail 
> (enterprise 3.5 based on kmail 3.5.10) and there are no bug reports against 
> this version regarding invalid signatures.
> Could you open a bug report at Enigmail for this? At least it would be 
> interesting to hear what they say about this.

I did that, sent in a message displaying the problem, and got an answer
that seems to explain the problem. I'll paste in the whole reply. The
Google reference seems to contain the answer anyway: Thunderbird/Enigmail
cannot be made to deal with the mismatch referred to, and it would need
to be fixed at the Outlook end.

Quote on ..................

Hash: SHA1
:packet 63: length 11 gpg: ASCII-Hülle:
Version: GnuPG v2.0.20 (MingW32)
:literal data packet:
mode t (74), created 0, name="",
raw data: unknown length
gpg: ASCII-Hülle:
gpg: Ursprünglicher Dateiname=''
:signature packet: algo 1, keyid 7EEFA309D5078B4F
version 4, created 1369595441, md5len 0, sigclass 0x00
digest algo 8, begin of digest d7 2b
hashed subpkt 2 len 4 (sig created 2013-05-26)
subpkt 16 len 8 (issuer key ID 7EEFA309D5078B4F)
data: [2047 bits]
gpg: Signatur vom So 26 Mai 21:10:41 2013 CEST mittels RSA-Schlüssel ID
gpg: WARNUNG: Widersprechende Hashverfahren in der signierten Nachricht
[GNUPG:] ERRSIG 7EEFA309D5078B4F 1 8 00 1369595441 1
gpg: Signatur kann nicht geprüft werden: Allgemeiner Fehler

The corresponding English message is "WARNING: signature digest conflict
in message"

If you search the web, you'll end up with quite some hits (e.g.
http://www.mozdev.org/pipermail/enigmail/2009-December/011821.html). It
basically boils down to the fact that the indicated hash algorithm in
the header is not the one used to produce the signature (which is
absolutely necessary). I'm not sure how to fix this on the Outlook side,
as I'm not using this. Maybe a posting on the gpg-users mailing list can
give you more help.

Quote off............

It seems some programs can cope with this but not others. Is this digest
mismatch something that can be changed easily?
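
The digest conflict described in the quoted reply, as an added example that is not part of the original post and is not GnuPG or Enigmail code: it compares the "Hash:" armor header of a cleartext-signed message with the hash algorithm ID stored in the signature packet (the dump above shows "Hash: SHA1" next to "digest algo 8", which RFC 4880 assigns to SHA256). The function names and the sample produced by build_sample are constructed for illustration; the sample is a packet skeleton, not a verifiable signature.

```python
import base64
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
HASH_IDS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
            9: "SHA384", 10: "SHA512", 11: "SHA224"}

def declared_hashes(msg):
    """Algorithms named in the 'Hash:' armor header(s) of a clearsigned message."""
    head = msg.split("-----BEGIN PGP SIGNED MESSAGE-----", 1)[1]
    names = set()
    for line in head.splitlines()[1:]:
        if not line.strip():              # blank line ends the armor headers
            break
        if line.lower().startswith("hash:"):
            names.update(n.strip().upper() for n in line[5:].split(","))
    return names or {"MD5"}               # RFC 4880: no Hash header means MD5

def signature_hash(msg):
    """Algorithm recorded in the signature packet (what the signer really used)."""
    m = re.search(r"-----BEGIN PGP SIGNATURE-----(.*?)-----END PGP SIGNATURE", msg, re.S)
    lines = [l.strip() for l in m.group(1).splitlines()[1:]]
    data = lines[lines.index("") + 1:]    # skip armor headers such as Version:
    pkt = base64.b64decode("".join(l for l in data if not l.startswith("=")))
    if pkt[0] & 0x40:                     # new-format packet header
        tag, hdr = pkt[0] & 0x3F, 1 + (1 if pkt[1] < 192 else 2 if pkt[1] < 224 else 5)
    else:                                 # old-format packet header
        tag, hdr = (pkt[0] >> 2) & 0x0F, 1 + (1, 2, 4, 0)[pkt[0] & 3]
    if tag != 2:
        raise ValueError("first packet is not a signature packet")
    body = pkt[hdr:]
    algo = body[3] if body[0] == 4 else body[16]   # v4 layout, else v3 layout
    return HASH_IDS.get(algo, "unknown(%d)" % algo)

def digest_conflict(msg):
    """Return (declared, actual, conflict) for one clearsigned message."""
    declared, actual = declared_hashes(msg), signature_hash(msg)
    return declared, actual, actual not in declared

def build_sample(header_hash, packet_hash_id):
    """Constructed sample: a v4 signature packet skeleton, not a verifiable signature."""
    # version 4, sigclass 0x00, RSA (1), hash id, empty subpacket areas, d7 2b, one tiny MPI
    body = bytes([4, 0x00, 1, packet_hash_id, 0, 0, 0, 0, 0xD7, 0x2B, 0, 8, 0xFF])
    b64 = base64.b64encode(bytes([0x88, len(body)]) + body).decode()
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: %s\n\nhello\n"
            "-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n%s\n"
            "-----END PGP SIGNATURE-----\n" % (header_hash, b64))

print(digest_conflict(build_sample("SHA1", 8)))   # header says SHA1, packet says SHA256
```

A verifier hashes the text with the algorithm the header announces, so a conflict flagged here corresponds to the "signature digest conflict" warning rather than to a tampered message.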


