Bug 479849
| Summary: | Digest algorithm preference is ignored | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Miloslav Trmač <mitr> |
| Component: | gnupg | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 10 | CC: | nalin, rdieter |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-01-29 01:31:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
After reading the source code I now realize the key preference applies to data sent _to_ the key owner, not _by_ the key owner. |
Description of problem: Key's algorithm preferences that say SHA-256 should be used are ignored. Overriding the algorithm manually using --digest-algo works, though. Version-Release number of selected component (if applicable): gnupg-1.4.9-4.fc10.x86_64 Steps to Reproduce: (irrelevant output parts skipped) 1. Create a key: $ LC_ALL=C gpg --homedir /home/mitr/t --gen-key --default-preference-list 'sha256' Please select what kind of key you want: (1) DSA and Elgamal (default) (2) DSA (sign only) (5) RSA (sign only) Your selection? 5 What keysize do you want? (2048) Requested keysize is 2048 bits Real name: test key 2. Verify SHA-256 is the preferred algorithm: $ LC_ALL=C gpg --homedir /home/mitr/t --edit-key 'test key' Command> showpref [ultimate] (1). test key Cipher: 3DES Digest: SHA256, SHA1 Compression: ZIP, Uncompressed Features: MDC, Keyserver no-modify 3. Sign something: $ gpg --homedir /home/mitr/t --sign ~/linux-diff 4. Look what digest type is used: $ LC_ALL=C gpg --homedir . --list-packets ~/linux-diff.gpg <snip> :signature packet: algo 1, keyid 96C762145D3D055F version 4, created 1231860524, md5len 0, sigclass 0x00 digest algo 2, begin of digest c8 2f (Per RFC 4880, algo 1 = RSA, digest algo 2 = SHA-1) 5. Specify SHA-256 explicitly: $ gpg --digest-algo sha256 --homedir /home/mitr/t --sign ~/linux-diff 6. Verify gpg can generate SHA-256 if --digest-algo is used: $ LC_ALL=C gpg --homedir . --list-packets ~/linux-diff.gpggpg: WARNING: unsafe <snip> :signature packet: algo 1, keyid 96C762145D3D055F version 4, created 1231860613, md5len 0, sigclass 0x00 digest algo 8, begin of digest 87 31 (digest algo 8 = SHA-256) Expected results: 4. shows digest algo 8. Additional info: Perhaps SHA-256 is disabled by default and I need an extra option like to enable it, but --rfc4880 doesn't work and no other option in the documentation seems relevant.