Edit Sup Issue: issue33

Issues
Create New
 Show Unassigned
Show All
Search

Login




Register
Lost your login?

Help
Roundup docs

Summary
Issue type Status
Sup version Ruby version
Assigned To Tags (list)
Description
Attachments
  Make a copy

Created on 2009-12-10.23:15:45 by micah, last changed by micah.

Messages
msg80 (view) Author: micah Date: 2009-12-10.23:15:45 
crypto.rb, line 41 has this:

    envelope.header["Content-Type"] = 'multipart/signed;
protocol=application/pgp-signature; micalg=pgp-sha1'

that is no good if my hash algorithm is *not* sha1, which it is not. in fact,
what that creates are broken signatures, which some clients will complain about.
in fact, enigmail for one complains about them because gpg complains:

/usr/bin/gpg --charset utf8  --batch --no-tty --status-fd 2 --verify
gpg: Signature made Wed 09 Dec 2009 01:03:13 PM EST using RSA key ID 2861A790
gpg: WARNING: signature digest conflict in message
gpg: Can't check signature: general error

Sup should detect the hashing algorithm and set it properly, rather than
hardcoding it. 

RFC 3156 reads:

  The "micalg" parameter for the "application/pgp-signature" protocol
   MUST contain exactly one hash-symbol of the format "pgp-<hash-
   identifier>", where <hash-identifier> identifies the Message
   Integrity Check (MIC) algorithm used to generate the signature.
   Hash-symbols are constructed from the text names registered in [1] or
   according to the mechanism defined in that document by converting the
   text name to lower case and prefixing it with the four characters
   "pgp-".

   Currently defined values are "pgp-md5", "pgp-sha1", "pgp-ripemd160",
   "pgp-md2", "pgp-tiger192", and "pgp-haval-5-160".
History
Date User Action Args
2009-12-10 23:15:45micahcreate