* oddies with enigmail
@ 2005-07-07 19:16 Uwe Brauer
2005-07-12 20:16 ` Werner Koch
0 siblings, 1 reply; 7+ messages in thread
From: Uwe Brauer @ 2005-07-07 19:16 UTC (permalink / raw)
Hello
The following is odd: I send a mail to myself, signed and encrypted,
using gnus and the mml backend for gpg. I then
read the mail via mozilla/enigmail and after typing my passphrase the
message is decrypted and the signature is verified.
However when I only sign a message the same way and try to verify it,
I obtain the following:
OpenPGP Security Info
Unverified signature
gpg command line and output:
/usr/bin/gpg --charset utf8 --batch --no-tty --status-fd 2 --verify
gpg: NOTE: old default options file `/home/oub/.gnupg/options' ignored
gpg: Signature made Thu Jul 7 19:14:29 2005 UTC using RSA key ID 93B61FDD
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: general error
Can anybody tell me what is up there, or shall I ask in the gpg
mailing list?
Thanks
Uwe Brauer
* Re: oddies with enigmail
2005-07-07 19:16 oddies with enigmail Uwe Brauer
@ 2005-07-12 20:16 ` Werner Koch
2005-07-13 18:29 ` Uwe Brauer
0 siblings, 1 reply; 7+ messages in thread
From: Werner Koch @ 2005-07-12 20:16 UTC (permalink / raw)
On Thu, 07 Jul 2005 19:16:10 +0000, Uwe Brauer said:
> gpg: NOTE: old default options file `/home/oub/.gnupg/options' ignored
[ You should move all your options from that file to gpg.conf -
options has been deprecated a long time ago]
> gpg: Signature made Thu Jul 7 19:14:29 2005 UTC using RSA key ID 93B61FDD
> gpg: WARNING: signature digest conflict in message
The message looks like
-----BEGIN ...
Hash: MD5
....
-----BEGIN ..
base64/encoded/block
and the actual signature in the base64 block indicates that another
hash algorithm has been used (e.g. SHA-1). This may also happen if
the Hash: header is missing completely because it defaults to MD5.
It is for sure an Enigmail problem. I guess for some reason it
mangles or deletes the Hash: header.
When signing and encrypting, a different format than the above clear
signed format is being used and thus the problem does not occur.
Shalom-Salam,
Werner
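Added example, not part of the thread: a Python check for the mismatch Werner describes, reading the `Hash:` armor header of a clear-signed message and the hash algorithm ID stored in the signature packet, then comparing the two. The function names and the message built by `make_sample` are constructed for illustration; the sample carries only the packet header fields, not a verifiable signature.

```python
import base64

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4)
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}

def signature_hash(packet):
    """Return the hash algorithm recorded inside a binary signature packet."""
    first = packet[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                      # new-format header
        tag, l0 = first & 0x3F, packet[1]
        skip = 2 if l0 < 192 else 3 if l0 < 224 else 6 if l0 == 255 else None
    else:                                 # old-format header
        tag = (first >> 2) & 0x0F
        skip = 1 + (1, 2, 4, 0)[first & 3]
    if tag != 2 or skip is None:          # tag 2 = signature; partial lengths unsupported
        raise ValueError("not a supported signature packet")
    body = packet[skip:]
    # v3: version, 5, type, time(4), key ID(8), pubkey algo, hash | v4: version, type, pubkey algo, hash
    algo = body[16] if body[0] == 3 else body[3]
    return HASH_NAMES.get(algo, "ID %d" % algo)

def check_clearsigned(text):
    """Compare the Hash: armor header with the hash named in the signature."""
    lines = text.replace("\r\n", "\n").split("\n")
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = lines.index("-----BEGIN PGP SIGNATURE-----")
    end = lines.index("-----END PGP SIGNATURE-----")
    declared = []
    for line in lines[start + 1:sig]:     # armor headers end at the first empty line
        if not line.strip():
            break
        if line.startswith("Hash:"):
            declared += [h.strip().upper() for h in line[5:].split(",")]
    declared = declared or ["MD5"]        # a missing Hash: header means MD5
    armor = lines[sig + 1:end]            # signature block: own headers, empty line, base64, CRC24
    b64 = "".join(l for l in armor[armor.index("") + 1:] if not l.startswith("="))
    actual = signature_hash(base64.b64decode(b64))
    return {"declared": declared, "actual": actual, "conflict": actual not in declared}

def make_sample(hash_header, algo_id):
    """Constructed sample: packet header fields only, not a verifiable signature."""
    body = bytes([4, 0x01, 1, algo_id]) + bytes(12)   # v4, text signature, RSA, hash ID
    packet = bytes([0x88, len(body)]) + body          # old-format tag 2, 1-byte length
    head = "Hash: %s\n" % hash_header if hash_header else ""
    return ("-----BEGIN PGP SIGNED MESSAGE-----\n" + head + "\nhello\n-----BEGIN PGP SIGNATURE-----\n\n"
            + base64.b64encode(packet).decode() + "\n-----END PGP SIGNATURE-----\n")
```

Calling `check_clearsigned(make_sample("MD5", 2))` reports a conflict, as does a SHA-1 signature with no `Hash:` header at all, which is the case Werner suspects here.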
* Re: oddies with enigmail
2005-07-12 20:16 ` Werner Koch
@ 2005-07-13 18:29 ` Uwe Brauer
2005-07-19 13:13 ` Werner Koch
0 siblings, 1 reply; 7+ messages in thread
From: Uwe Brauer @ 2005-07-13 18:29 UTC (permalink / raw)
>>>>> "Werner" == Werner Koch <wk@gnupg.org> writes:
Werner> On Thu, 07 Jul 2005 19:16:10 +0000, Uwe Brauer said:
>> gpg: NOTE: old default options file `/home/oub/.gnupg/options'
>> ignored
Werner> [ You should move all your options from that file to
Werner> gpg.conf -
Werner> options has been deprecated a long time ago]
Thanks I did not know this.
Werner> ....
Werner> -----BEGIN ..
Werner> base64/encoded/block
Werner> and the actual signature in the base64 block indicates
Werner> that another hash algorithm has been used (e.g. SHA-1).
Werner> This may also happen if the Hash: header is missing
Werner> completely because it defaults to MD5.
Werner> It is for sure an Enigmail problem. I guess for some reason it
Werner> mangles or deletes the Hash: header.
Werner> When signing and encrypting, a different format than the
Werner> above clear signed format is being used and thus the
Werner> problem does not occur.
The question is can I clear sign the message such that enigmail would
not complain?
Uwe
* Re: oddies with enigmail
2005-07-13 18:29 ` Uwe Brauer
@ 2005-07-19 13:13 ` Werner Koch
2005-07-19 13:28 ` Simon Josefsson
0 siblings, 1 reply; 7+ messages in thread
From: Werner Koch @ 2005-07-19 13:13 UTC (permalink / raw)
On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:
> The question is can I clear sign the message such that enigmail would
> not complain?
Do you say that pgg inserts the Hash line? This is obviously wrong -
it is best to let gpg create the clear signed message. This will make
sure that the correct header is used.
Salam-Shalom,
Werner
* Re: oddies with enigmail
2005-07-19 13:13 ` Werner Koch
@ 2005-07-19 13:28 ` Simon Josefsson
2005-07-19 17:46 ` Uwe Brauer
0 siblings, 1 reply; 7+ messages in thread
From: Simon Josefsson @ 2005-07-19 13:28 UTC (permalink / raw)
Cc: ding
Werner Koch <wk@gnupg.org> writes:
> On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:
>
>> The question is can I clear sign the message such that enigmail would
>> not complain?
>
> Do you say that pgg inserts the Hash line? This is obviously wrong -
> it is best to let gpg create the clear signed message. This will make
> sure that the correct header is used.
PGG doesn't insert nor remove any Hash: lines. The output from gpg is
used directly, except for QP encoding when needed. Gnus will QP
encode the output from gpg, so the receiver will have to perform QP
decode before it looks like a valid OpenPGP packet. This might break
some MUAs that expect the OpenPGP armor to not be QP escaped, but
rather, only the signed data. But such a message wouldn't conform to
MIME specs (the '=' in the CRC24 tag is invalid QP unless escaped),
and some MTAs bounce those messages...
That the moral is to use PGP/MIME instead is hopefully obvious.
* Re: oddies with enigmail
2005-07-19 13:28 ` Simon Josefsson
@ 2005-07-19 17:46 ` Uwe Brauer
2005-07-24 14:45 ` Simon Josefsson
0 siblings, 1 reply; 7+ messages in thread
From: Uwe Brauer @ 2005-07-19 17:46 UTC (permalink / raw)
>>>>> "Simon" == Simon Josefsson <jas@extundo.com> writes:
Simon> Werner Koch <wk@gnupg.org> writes:
>> On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:
>>
>>> The question is can I clear sign the message such that
>>> enigmail would not complain?
>>
>> Do you say that pgg inserts the Hash line? This is obviously
>> wrong - it is best to let gpg create the clear signed message.
>> This will make sure that the correct header is used.
Simon> PGG doesn't insert nor remove any Hash: lines. The output
Simon> from gpg is used directly, except for QP encoding when
Simon> needed. Gnus will QP encode the output from gpg, so the
Simon> receiver will have to perform QP decode before it looks
Simon> like a valid OpenPGP packet. This might break some MUAs
Simon> that expect the OpenPGP armor to not be QP escaped, but
Simon> rather, only the signed data. But such a message wouldn't
Simon> conform to MIME specs (the '=' in the CRC24 tag is invalid
Simon> QP unless escaped), and some MTAs bounce those messages...
Simon> That the moral is to use PGP/MIME instead is hopefully obvious.
Well that is what I used
mml-secure-message-sign-pgpmime
* Re: oddies with enigmail
2005-07-19 17:46 ` Uwe Brauer
@ 2005-07-24 14:45 ` Simon Josefsson
0 siblings, 0 replies; 7+ messages in thread
From: Simon Josefsson @ 2005-07-24 14:45 UTC (permalink / raw)
Cc: ding
Uwe Brauer <oub@mat.ucm.es> writes:
>>>>>> "Simon" == Simon Josefsson <jas@extundo.com> writes:
>
> Simon> Werner Koch <wk@gnupg.org> writes:
> >> On Wed, 13 Jul 2005 18:29:03 +0000, Uwe Brauer said:
> >>
> >>> The question is can I clear sign the message such that
> >>> enigmail would not complain?
> >>
> >> Do you say that pgg inserts the Hash line? This is obviously
> >> wrong - it is best to let gpg create the clear signed message.
> >> This will make sure that the correct header is used.
>
> Simon> PGG doesn't insert nor remove any Hash: lines. The output
> Simon> from gpg is used directly, except for QP encoding when
> Simon> needed. Gnus will QP encode the output from gpg, so the
> Simon> receiver will have to perform QP decode before it looks
> Simon> like a valid OpenPGP packet. This might break some MUAs
> Simon> that expect the OpenPGP armor to not be QP escaped, but
> Simon> rather, only the signed data. But such a message wouldn't
> Simon> conform to MIME specs (the '=' in the CRC24 tag is invalid
> Simon> QP unless escaped), and some MTAs bounce those messages...
>
> Simon> That the moral is to use PGP/MIME instead is hopefully obvious.
>
> Well that is what I used
> mml-secure-message-sign-pgpmime
Oh. Ok. Still, PGG shouldn't alter any Hash: headers. Was that
definitely the problem here? Perhaps something else is somehow
modifying that header.