On 09/10/2013 02:23 PM, Adam Gold wrote:

> To enable gpg support in mutt I copied /usr/share/doc/mutt/examples/gpg.rc to 
> ~/.mutt and then added 'source ~/.mutt/gpg.rc' to the mutt config file.  I 
> also added to the config a number of lines as per here: 
> http://pastebin.com/t17HcrCS
> 
> If I send a mail to myself in mutt I get the following in the received 
> message:
> 
> =======================
> [-- PGP output follows (current time: Tue 10 Sep 2013 18:59:09 BST) --]
> gpg: Signature made Tue 10 Sep 2013 18:58:08 BST using RSA key ID 00583A4C
> gpg: Good signature from "Adam Gold"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: [     ]
> [-- End of PGP output --]
> [-- The following data is signed --]
> test
> [-- End of signed data --]
> =========================
> 
> This doesn't show what the hash is so I saved the attached signature.asc file 
> and ran 'gpg -v' against the actual email saved in my email directory.  The 
> following was returned:
> 
> ===============================
> gpg: Signature made Tue 10 Sep 2013 18:58:08 BST using RSA key ID 
> gpg: using PGP trust model
> gpg: BAD signature from "Adam Gold"
> gpg: textmode signature, digest algorithm SHA1
> ===============================
> 
> I guess the bad signature is because the signature.asc file is not meant to 
> be detached from the email and then checked against the email.  However, as 
> you'll see, the digest is still SHA1.  Perhaps this is unreliable too but I 
> can't see another way when viewing a signed message in mutt to ascertain the 
> digest.
> 
> FYI: it mentions here that mutt support SHA2: 
> https://wiki.ubuntu.com/SecurityTeam/GPGMigration
> 
> I really appreciate you taking the time to look at this.  If there is any 
> specific information I have omitted, please let me know.  Alternatively if 
> you don't mind, I can send you directly a signed email from my mutt account 
> (I don't want to reveal it publicly) and you could see what digest is being 
> used.

sorry, i don't know much about mutt or how it integrates with gpg.
maybe someone else on the list can help you with that, or you could ask
on a mailing list that's dedicated to mutt?

        --dkg

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to