'pgp sig. verification issues - md5/sha1 and 1.2 v 1.2.5'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mutt-users
Subject:    pgp sig. verification issues - md5/sha1 and 1.2 v 1.2.5
From:       JB Segal <jb () akamai ! com>
Date:       2000-12-21 21:57:42
[Download RAW message or body]


So, digging through the archives has shown complaints of this problem before
but nothing really solid on the resolution...

A) It's been pointed out before that Mutt misassigns the micalg and that
this can be forced in .muttrc with set pgp_sign_micalg=pgp-sha1

Is this on the 'to be fixed' list?

A') My gnus/emacs using cow-orkers can not verify either my or my other
cow-orker's mail without changing the micalg line -
http://www.gnus.org/list-archives/ding/200011/msg00237.html
says:
===========
This piece of advice should make it possible to verify pgp/mime mail
signed with mutt.  (Mutt label them as using md5 in calculating the
signature, when actually sha1 is used.)

(defadvice mml2015-fix-micalg (before jas-mutt-fix)
  "Replace \"pgp-md5\" with \"pgp-sha1\" if sender uses Mutt."
    (with-current-buffer gnus-original-article-buffer
        (goto-char (point-min))
	    (when (re-search-forward "^User-Agent: Mutt" nil t)
	          (ad-set-arg 0 "pgp-sha1"))))
===========

B) However, I'm still having problems...
On my machine, running 1.2.5i (and pgp6), a piece of mail from a cow-orker
comes in and passes through pgp saying:

WARNING: Bad signature, doesn't match file contents!

Bad signature from user "<userid>".
Pretty Good Privacy(tm) Version 6.5.2
(c) 1999 Network Associates Inc.
Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.

On one our central timeshare servers, running 1.2i I get:

Warning: Using insecure memory!
Good signature from user "<userid>".
Signature made 2000/11/21 18:25 GMT
PGP Command Line for Workstations(tm) Version 7.0
(c) 2000 Network Associates Inc.
Uses the BSafe(tm) Toolkit, which is copyright RSA Data Security, Inc.
Export of this software may be restricted by the U.S. government.

no matter what the micalg is set to.

The exact same results happen for him reading my mail.

Would anyone be able to make any guesses on whether this is pgp or how mutt
deals?

B') I can always verify my own signed msgs no matter what the micalg is set to
on either version of mutt with either version of pgp.

B'') I have NO problems with pgp or gpg signed messages from gnus/emacs
using colleagues.

Thanks...
(If I've missed this discussion groveling around in the mail archives, sorry,
but all mail-archive software I've ever seen that isn't just 'grep' in a 
flatfile (which you then use mutt on...:) sucks...)

JB

(Note: I /think/ I've got all the failure/success conditions correct...
but I can't quite prove it...)

-- 
JB Segal                jb@akamai.com   jb-pager@akamai.com
Systems Engineer        617-250-3649    800-606-8292    617-283-2675 (Cell)
    Akamai Technologies, 500 Technology Square, Cambridge MA 02139
          "Pay no attention to the folks behind the curtain..."

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic