[Gpg4win-users-en] Gpg4win 2.1.1. beta 197

Werner Koch wk at gnupg.org
Tue May 28 22:16:00 CEST 2013

On Tue, 28 May 2013 11:29, oldbob at oldbob.co.uk said:

> signature (which is absolutely necessary). I'm not sure how to fix this
> on the outlook side, as I'm not using this. Maybe a posting on the

Well, we have hardwired SHA-1 for the PGP/MIME and S/MIME micalg
parameter.  IIRC, the reason was that Kleopatra had a problem returning
the used hash algorithms for use by GpgOL.  The protocol between GpgOL
and Kleopatra [1] defines a way to return it, though.

However, there is another problem with the micalg: MOSS (i.e. PGP/MIME
and S/MIME) define that this must be exactly one algorithm.
However, OpenPGP allows the use of several signing keys which all may
use different hash algorithms - which one should be put in?

Further, the micalg does not help gpg because it uses the information
from the OpenPGP packets and not any external info like the micalg.
Even for streamed processing it is not useful, because gpg needs to read
the signature before the data.  Yes, that means that you can't implement
PGP/MIME with gpg in a fully streamed mode.  If that ever turns out to
be a problem we would change that; but it would incur more processing

Thus it is better for a MUA to ignore the micalg.  In particular if it
holds the message anyway in memory or on file.



[1] http://gnupg.org/documentation/manuals/gpgme/UI-Server-Protocol.html
Thoughts are free.  Exceptions are regulated by a federal law.

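An added example, not part of the original message and not GnuPG or GpgOL code: it reads the hash algorithm from each OpenPGP signature packet, which is the information the message says gpg relies on, and compares it with the single micalg value in the MIME header. The function names are hypothetical, the input is assumed to be de-armored binary signature data, and the sample packets are constructed with dummy signature bytes.

```python
import email
# Hash algorithm IDs from RFC 4880, section 9.4
HASH_NAMES = {1: "md5", 2: "sha1", 3: "ripemd160", 8: "sha256",
              9: "sha384", 10: "sha512", 11: "sha224"}

def signature_hashes(data):
    """Hash algorithm of every signature packet (tag 2) in binary OpenPGP data."""
    found, pos = [], 0
    while pos < len(data):
        ctb, pos = data[pos], pos + 1
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if ctb & 0x40:                          # new-format header
            tag, first, pos = ctb & 0x3F, data[pos], pos + 1
            if first < 192:
                length = first
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos] + 192, pos + 1
            elif first == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                raise ValueError("partial body length not handled here")
        else:                                   # old-format header
            tag, nbytes = (ctb >> 2) & 0x0F, 1 << (ctb & 0x03)
            if nbytes == 8:
                raise ValueError("indeterminate length not handled here")
            length, pos = int.from_bytes(data[pos:pos + nbytes], "big"), pos + nbytes
        body, pos = data[pos:pos + length], pos + length
        if tag == 2:
            # v2/v3 keep the hash id at offset 16, v4 and later at offset 3
            algo = body[16] if body[0] in (2, 3) else body[3]
            found.append(HASH_NAMES.get(algo, "unknown-%d" % algo))
    return found

def micalg_vs_packets(header_text, sig_bytes):
    """Return (declared micalg, hashes in the packets, whether they agree)."""
    msg = email.message_from_string(header_text)
    declared = (msg.get_param("micalg") or "").lower()
    actual = signature_hashes(sig_bytes)
    return declared, actual, bool(actual) and all("pgp-" + h == declared for h in actual)

def _sig(hash_id):
    # Constructed v4 signature packet: header fields plus dummy signature bytes
    body = bytes([4, 0x00, 1, hash_id]) + bytes(4) + b"\xab\xcd\x00\x08\xff"
    return bytes([0xC2, len(body)]) + body
# Constructed sample: one micalg value, two signatures with different hashes
HEADER = ('Content-Type: multipart/signed; micalg=pgp-sha1;\n'
          ' protocol="application/pgp-signature"; boundary="b"\n\n')
SAMPLE = _sig(8) + _sig(10)
print(micalg_vs_packets(HEADER, SAMPLE))
```
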