On 09/10/2013 02:23 PM, Adam Gold wrote: > To enable gpg support in mutt I copied /usr/share/doc/mutt/examples/gpg.rc to > ~/.mutt and then added 'source ~/.mutt/gpg.rc' to the mutt config file. I > also added to the config a number of lines as per here: > http://pastebin.com/t17HcrCS > > If I send a mail to myself in mutt I get the following in the received > message: > > ======================= > [-- PGP output follows (current time: Tue 10 Sep 2013 18:59:09 BST) --] > gpg: Signature made Tue 10 Sep 2013 18:58:08 BST using RSA key ID 00583A4C > gpg: Good signature from "Adam Gold" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the owner. > Primary key fingerprint: [ ] > [-- End of PGP output --] > [-- The following data is signed --] > test > [-- End of signed data --] > ========================= > > This doesn't show what the hash is so I saved the attached signature.asc file > and ran 'gpg -v' against the actual email saved in my email directory. The > following was returned: > > =============================== > gpg: Signature made Tue 10 Sep 2013 18:58:08 BST using RSA key ID > gpg: using PGP trust model > gpg: BAD signature from "Adam Gold" > gpg: textmode signature, digest algorithm SHA1 > =============================== > > I guess the bad signature is because the signature.asc file is not meant to > be detached from the email and then checked against the email. However, as > you'll see, the digest is still SHA1. Perhaps this is unreliable too but I > can't see another way when viewing a signed message in mutt to ascertain the > digest. > > FYI: it mentions here that mutt support SHA2: > https://wiki.ubuntu.com/SecurityTeam/GPGMigration > > I really appreciate you taking the time to look at this. If there is any > specific information I have omitted, please let me know. Alternatively if > you don't mind, I can send you directly a signed email from my mutt account > (I don't want to reveal it publicly) and you could see what digest is being > used.
sorry, i don't know much about mutt or how it integrates with gpg.
maybe someone else on the list can help you with that, or you could ask
on a mailing list that's dedicated to mutt?
--dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
