Using gpg2 with SHA512


Using gpg2 with SHA512

by Bugzilla from stmichalke@germanynet.de

Hi,

I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
maximum strength. Therefore I created a pair of keys with gpg2
--enable-dsa2.

These keys are usable in Thunderbird, but can't be handled by Evolution
(v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
method.

From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
three patches against evolution-data-server and evolution (v2.21.92
both) which hard code SHA-512 as hash algorithm for gpg.

I confess that I'm not a C programmer so I don't know whether I broke
something but the patches work for signing and encryption.

Kind regards
Steffen Michalke

I enclosed the patches and a screenshot of the security information. The
patch-camel files are for evolution-data-server.
Of course, this message is signed ;-)


[patch-camel-camel_cipher_context_h]

--- evolution-data-server-2.21.91.orig/camel/camel-cipher-context.h 2007-11-29 13:53:44.000000000 +0100
+++ evolution-data-server-2.21.91/camel/camel-cipher-context.h 2008-02-27 01:29:20.000000000 +0100
@@ -43,13 +43,16 @@
 typedef struct _CamelCipherCertInfo CamelCipherCertInfo;
 
 typedef enum {
- CAMEL_CIPHER_HASH_DEFAULT,
  CAMEL_CIPHER_HASH_MD2,
  CAMEL_CIPHER_HASH_MD5,
  CAMEL_CIPHER_HASH_SHA1,
+ CAMEL_CIPHER_HASH_SHA256,
+ CAMEL_CIPHER_HASH_SHA384,
+ CAMEL_CIPHER_HASH_SHA512,
  CAMEL_CIPHER_HASH_RIPEMD160,
  CAMEL_CIPHER_HASH_TIGER192,
- CAMEL_CIPHER_HASH_HAVAL5160
+ CAMEL_CIPHER_HASH_HAVAL5160,
+ CAMEL_CIPHER_HASH_DEFAULT
 } CamelCipherHash;
 
 typedef enum _camel_cipher_validity_sign_t {
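
Review bot: Moving CAMEL_CIPHER_HASH_DEFAULT from the first to the last position and inserting SHA256/SHA384/SHA512 in the middle of the enum changes the numeric value of every existing enumerator (MD2 goes from 1 to 0, RIPEMD160 from 4 to 6, DEFAULT from 0 to 9). This is a header, so anything compiled against the old values or storing them will silently select a different hash. Keep CAMEL_CIPHER_HASH_DEFAULT first and append the three new values after CAMEL_CIPHER_HASH_HAVAL5160.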


[patch-camel-camel_gpg_context_c]

--- evolution-data-server-2.21.91.orig/camel/camel-gpg-context.c 2008-01-23 12:16:25.000000000 +0100
+++ evolution-data-server-2.21.91/camel/camel-gpg-context.c 2008-02-27 01:30:46.000000000 +0100
@@ -127,14 +127,21 @@
  case CAMEL_CIPHER_HASH_MD5:
  return "pgp-md5";
  case CAMEL_CIPHER_HASH_SHA1:
- case CAMEL_CIPHER_HASH_DEFAULT:
  return "pgp-sha1";
+ case CAMEL_CIPHER_HASH_SHA256:
+ return "pgp-sha256";
+ case CAMEL_CIPHER_HASH_SHA384:
+ return "pgp-sha384";
+ case CAMEL_CIPHER_HASH_SHA512:
+ return "pgp-sha512";
  case CAMEL_CIPHER_HASH_RIPEMD160:
  return "pgp-ripemd160";
  case CAMEL_CIPHER_HASH_TIGER192:
  return "pgp-tiger192";
  case CAMEL_CIPHER_HASH_HAVAL5160:
  return "pgp-haval-5-160";
+ case CAMEL_CIPHER_HASH_DEFAULT:
+ return "pgp-sha512";
  }
 
  return NULL;
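
Review bot: The new CAMEL_CIPHER_HASH_DEFAULT case at the end of the switch returns "pgp-sha512", so every caller that passes DEFAULT now gets a different identifier than before ("pgp-sha1"), with no way to opt out. If SHA-512 really is meant to be the default, stack the DEFAULT label on the SHA512 case, as the removed line did for SHA1, so the two cannot drift apart; otherwise leave DEFAULT untouched and let the caller choose the hash.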
@@ -150,6 +157,12 @@
  return CAMEL_CIPHER_HASH_MD5;
  else if (!strcmp (id, "pgp-sha1"))
  return CAMEL_CIPHER_HASH_SHA1;
+ else if (!strcmp (id, "pgp-sha256"))
+ return CAMEL_CIPHER_HASH_SHA256;
+ else if (!strcmp (id, "pgp-sha384"))
+ return CAMEL_CIPHER_HASH_SHA384;
+ else if (!strcmp (id, "pgp-sha512"))
+ return CAMEL_CIPHER_HASH_SHA512;
  else if (!strcmp (id, "pgp-ripemd160"))
  return CAMEL_CIPHER_HASH_RIPEMD160;
  else if (!strcmp (id, "tiger192"))
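
Review bot: The three new branches match the "pgp-sha256", "pgp-sha384" and "pgp-sha512" strings added to the switch in the first hunk, but the context line right below them compares against "tiger192" without the "pgp-" prefix, while the other direction returns "pgp-tiger192". Since this chain is being extended anyway, consider a single table of (enum, string) pairs used for both lookups, which would keep the two directions from disagreeing.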
@@ -158,7 +171,7 @@
  return CAMEL_CIPHER_HASH_HAVAL5160;
  }
 
- return CAMEL_CIPHER_HASH_DEFAULT;
+ return /* CAMEL_CIPHER_HASH_DEFAULT */ CAMEL_CIPHER_HASH_SHA512;
 }
 
 
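
Review bot: The fallback return now reports CAMEL_CIPHER_HASH_SHA512 for any id string the chain above does not recognise, which turns "unknown" into a claim about a specific algorithm. Keep returning CAMEL_CIPHER_HASH_DEFAULT here, and remove the commented-out /* CAMEL_CIPHER_HASH_DEFAULT */ instead of leaving the old value in the line.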
@@ -481,10 +494,16 @@
  return "--digest-algo=MD5";
  case CAMEL_CIPHER_HASH_SHA1:
  return "--digest-algo=SHA1";
+ case CAMEL_CIPHER_HASH_SHA256:
+ return "--digest-algo=SHA256";
+ case CAMEL_CIPHER_HASH_SHA384:
+ return "--digest-algo=SHA384";
+ case CAMEL_CIPHER_HASH_SHA512:
+ return "--digest-algo=SHA512";
  case CAMEL_CIPHER_HASH_RIPEMD160:
  return "--digest-algo=RIPEMD160";
  default:
- return NULL;
+ return "--digest-algo=SHA512";
  }
 }
 
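
Review bot: Changing the default: branch from return NULL to "--digest-algo=SHA512" forces SHA-512 for every enum value that has no case of its own in this switch, and it removes the only path in the shown lines that returned no digest option at all. Keep return NULL in default: and rely on the new explicit SHA256/SHA384/SHA512 cases to select those algorithms.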


[patch-composer_e-msg-composer_c]

--- evolution-2.21.92.orig/composer/e-msg-composer.c 2008-02-25 05:52:12.000000000 +0100
+++ evolution-2.21.92/composer/e-msg-composer.c 2008-02-26 17:35:32.000000000 +0100
@@ -759,7 +759,7 @@
  CamelMimePart *npart = camel_mime_part_new();
 
  cipher = mail_crypto_get_pgp_cipher_context(account);
- camel_cipher_sign(cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA1, part, npart, &ex);
+ camel_cipher_sign(cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA512, part, npart, &ex);
  camel_object_unref(cipher);
 
  if (camel_exception_is_set(&ex)) {
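
Review bot: The camel_cipher_sign() call swaps one hard-coded hash (CAMEL_CIPHER_HASH_SHA1) for another (CAMEL_CIPHER_HASH_SHA512), so the composer still decides the hash for every account. Pass CAMEL_CIPHER_HASH_DEFAULT, or a per-account preference looked up from account, instead of a constant.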




_______________________________________________
Evolution-patches mailing list
Evolution-patches@...
http://mail.gnome.org/mailman/listinfo/evolution-patches


Re: Using gpg2 with SHA512

by Jeffrey Stedfast


On Wed, 2008-02-27 at 15:05 +0100, Steffen Michalke wrote:

> Hi,
>
> I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
> maximum strength. Therefore I created a pair of keys with gpg2
> --enable-dsa2.
>
> These keys are usable in Thunderbird, but can't be handled by Evolution
> (v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
> method.
>
> From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
> three patches against evolution-data-server and evolution (v2.21.92
> both) which hard code SHA-512 as hash algorithm for gpg.
>
> I confess that I'm not a C programmer so I don't know whether I broke
> something but the patches work for signing and encryption.

There's a bug about this in Bugzilla somewhere, I think... basically,
the Right Fix(tm) is to provide a way for the user to choose what hash
algo Evolution should use.

We can't go hard-coding it to SHA-512, because that will break it for other users.

Jeff



Re: Using gpg2 with SHA512

by Srinivasa Ragavan

On Thu, 2008-02-28 at 10:18 +0530, Johnny Jacob wrote:

> On Wed, 2008-02-27 at 10:19 -0500, Jeffrey Stedfast wrote:
> > On Wed, 2008-02-27 at 15:05 +0100, Steffen Michalke wrote:
> > > Hi,
> > >
> > > I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
> > > maximum strength. Therefore I created a pair of keys with gpg2
> > > --enable-dsa2.
> > >
> > > These keys are usable in Thunderbird, but can't be handled by Evolution
> > > (v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
> > > method.
> > >
> > > From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
> > > three patches against evolution-data-server and evolution (v2.21.92
> > > both) which hard code SHA-512 as hash algorithm for gpg.
> > >
> > > I confess that I'm not a C programmer so I don't know whether I broke
> > > something but the patches work for signing and encryption.
> >
> > There's a bug about this in Bugzilla somewhere,
>
> Bugzilla entry for this issue :
> http://bugzilla.gnome.org/show_bug.cgi?id=304415

Can you put your patches to bugzilla? So that it is tracked well :-)

>
> >  I think... basically,
> > the Right Fix(tm) is to provide a way for the user to choose what hash
> > algo Evolution should use.

I agree to fejj's point. Can you look into this as well. You can contact
us on mail/chat for any help you need.

-Srini


Re: Using gpg2 with SHA512

by Johnny Jacob-2


On Wed, 2008-02-27 at 10:19 -0500, Jeffrey Stedfast wrote:

> On Wed, 2008-02-27 at 15:05 +0100, Steffen Michalke wrote:
> > Hi,
> >
> > I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
> > maximum strength. Therefore I created a pair of keys with gpg2
> > --enable-dsa2.
> >
> > These keys are usable in Thunderbird, but can't be handled by Evolution
> > (v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
> > method.
> >
> > From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
> > three patches against evolution-data-server and evolution (v2.21.92
> > both) which hard code SHA-512 as hash algorithm for gpg.
> >
> > I confess that I'm not a C programmer so I don't know whether I broke
> > something but the patches work for signing and encryption.
>
> There's a bug about this in Bugzilla somewhere,

Bugzilla entry for this issue:
http://bugzilla.gnome.org/show_bug.cgi?id=304415

>  I think... basically,
> the Right Fix(tm) is to provide a way for the user to choose what hash
> algo Evolution should use.
>
> We can't go hard-coding it to SHA-512, because that will break it for other users.
>
> Jeff

Re: Using gpg2 with SHA512

by Bugzilla from stmichalke@germanynet.de


Thank you for your hint.

I tested signing with Thunderbird. It reads my gpg.conf and uses the hash algorithm which is configured as default there. By the way, it applies SHA-1 with DSA/Elgamal 3072/4096 keys. Those signatures are valid when I check the signed messages in Evolution.

The real problem is that Evolution is not able to sign messages with those keys and SHA-1.


Re: Using gpg2 with SHA512

by Bugzilla from stmichalke@germanynet.de

Srinivasa Ragavan <sragavan@...> writes:

> On Thu, 2008-02-28 at 10:18 +0530, Johnny Jacob wrote:
>> On Wed, 2008-02-27 at 10:19 -0500, Jeffrey Stedfast wrote:
>> > On Wed, 2008-02-27 at 15:05 +0100, Steffen Michalke wrote:
>> > > Hi,
>> > >
>> > > I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
>> > > maximum strength. Therefore I created a pair of keys with gpg2
>> > > --enable-dsa2.
>> > >
>> > > These keys are usable in Thunderbird, but can't be handled by Evolution
>> > > (v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
>> > > method.
>> > >
>> > > From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
>> > > three patches against evolution-data-server and evolution (v2.21.92
>> > > both) which hard code SHA-512 as hash algorithm for gpg.
>> > >
>> > > I confess that I'm not a C programmer so I don't know whether I broke
>> > > something but the patches work for signing and encryption.
>> >
>> > There's a bug about this in Bugzilla somewhere,
>>
>> Bugzilla entry for this issue :
>> http://bugzilla.gnome.org/show_bug.cgi?id=304415
>
> Can you put your patches to bugzilla? So that it is tracked well :-)
>
>>
>> >  I think... basically,
>> > the Right Fix(tm) is to provide a way for the user to choose what hash
>> > algo Evolution should use.
>
> I agree to fejj's point. Can you look into this as well. You can contact
> us on mail/chat for any help you need.
>
> -Srini

Hi,

I attached 2 patches against evolution and evolution-data-server
v2.24.0.

These patches (one line each) simply remove the default hash algorithm,
leaving the choice to gpg2 resp. the user settings in gpg.conf
("digest-algo"). To me, it seems to be fine to use the backends for such
things. Signing e-mails now works with all the algorithms which gpg2
knows of, given the "digest-algo" option is set (but
"personal-digest-preferences", as described in the manpage, does not
work here :-( ).

The default method is SHA1.

Cheers
Steffen





Re: Using gpg2 with SHA512

by Bugzilla from stmichalke@germanynet.de

Steffen Michalke <stmichalke@...> writes:

> Srinivasa Ragavan <sragavan@...> writes:
>
>> On Thu, 2008-02-28 at 10:18 +0530, Johnny Jacob wrote:
>>> On Wed, 2008-02-27 at 10:19 -0500, Jeffrey Stedfast wrote:
>>> > On Wed, 2008-02-27 at 15:05 +0100, Steffen Michalke wrote:
>>> > > Hi,
>>> > >
>>> > > I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
>>> > > maximum strength. Therefore I created a pair of keys with gpg2
>>> > > --enable-dsa2.
>>> > >
>>> > > These keys are usable in Thunderbird, but can't be handled by Evolution
>>> > > (v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
>>> > > method.
>>> > >
>>> > > From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
>>> > > three patches against evolution-data-server and evolution (v2.21.92
>>> > > both) which hard code SHA-512 as hash algorithm for gpg.
>>> > >
>>> > > I confess that I'm not a C programmer so I don't know whether I broke
>>> > > something but the patches work for signing and encryption.
>>> >
>>> > There's a bug about this in Bugzilla somewhere,
>>>
>>> Bugzilla entry for this issue :
>>> http://bugzilla.gnome.org/show_bug.cgi?id=304415
>>
>> Can you put your patches to bugzilla? So that it is tracked well :-)
>>
>>>
>>> >  I think... basically,
>>> > the Right Fix(tm) is to provide a way for the user to choose what hash
>>> > algo Evolution should use.
>>
>> I agree to fejj's point. Can you look into this as well. You can contact
>> us on mail/chat for any help you need.
>>
>> -Srini
>
> Hi,
>
> I attached 2 patches against evolution and evolution-data-server
> v2.24.0.
>
> These patches (one line each) simply remove the default hash algorithm,
> leaving the choice to gpg2 resp. the user settings in gpg.conf
> ("digest-algo"). To me, it seems to be fine to use the backends for such
> things. Signing e-mails now works with all the algorithms which gpg2
> knows of, given the "digest-algo" option is set (but
> "personal-digest-preferences", as described in the manpage, does not
> work here :-( ).
>
> The default method is SHA1.
>
> Cheers
> Steffen

I try it again ;-)



--- a/camel/camel-gpg-context.c 2008-08-01 08:35:16.000000000 +0200
+++ b/camel/camel-gpg-context.c 2008-09-28 18:02:58.000000000 +0200
@@ -126,8 +126,7 @@
  case CAMEL_CIPHER_HASH_MD5:
  return "pgp-md5";
  case CAMEL_CIPHER_HASH_SHA1:
- case CAMEL_CIPHER_HASH_DEFAULT:
  return "pgp-sha1";
  case CAMEL_CIPHER_HASH_RIPEMD160:
  return "pgp-ripemd160";
  case CAMEL_CIPHER_HASH_TIGER192:
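
Review bot: With the case CAMEL_CIPHER_HASH_DEFAULT: label removed, the lines shown leave this switch with no case for DEFAULT, so the result for it is whatever follows the switch (return NULL in the version of this function posted earlier in the thread). Add an explicit case for DEFAULT with a comment saying that no identifier is returned on purpose, and check that every caller handles that result.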



--- evolution-2.24.0/composer/e-msg-composer.c 2008-09-22 21:46:38.000000000 +0200
+++ evolution-2.24.0/composer/e-msg-composer.c 2008-09-22 21:49:56.000000000 +0200
@@ -810,7 +810,7 @@
  CamelMimePart *npart = camel_mime_part_new ();
 
  cipher = mail_crypto_get_pgp_cipher_context (account);
- camel_cipher_sign (cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA1, part, npart, &ex);
+ camel_cipher_sign (cipher, pgp_userid, CAMEL_CIPHER_HASH_DEFAULT, part, npart, &ex);
  camel_object_unref (cipher);
 
  if (camel_exception_is_set (&ex)) {
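
Review bot: Passing CAMEL_CIPHER_HASH_DEFAULT to camel_cipher_sign() only defers to gpg.conf if the gpg context emits no --digest-algo option for DEFAULT, and nothing at this call site says so. Add a short comment here stating that DEFAULT means "let gpg choose", so a later change to the DEFAULT mapping in camel-gpg-context.c does not silently reintroduce a fixed hash.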



Re: Using gpg2 with SHA512

by Jeffrey Stedfast

seems reasonable to me.

Jeff


On Sun, 2008-09-28 at 21:56 +0200, Steffen Michalke wrote:

> Steffen Michalke <stmichalke@...> writes:
>
> > Srinivasa Ragavan <sragavan@...> writes:
> >
> >> On Thu, 2008-02-28 at 10:18 +0530, Johnny Jacob wrote:
> >>> On Wed, 2008-02-27 at 10:19 -0500, Jeffrey Stedfast wrote:
> >>> > On Wed, 2008-02-27 at 15:05 +0100, Steffen Michalke wrote:
> >>> > > Hi,
> >>> > >
> >>> > > I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
> >>> > > maximum strength. Therefore I created a pair of keys with gpg2
> >>> > > --enable-dsa2.
> >>> > >
> >>> > > These keys are usable in Thunderbird, but can't be handled by Evolution
> >>> > > (v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
> >>> > > method.
> >>> > >
> >>> > > From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
> >>> > > three patches against evolution-data-server and evolution (v2.21.92
> >>> > > both) which hard code SHA-512 as hash algorithm for gpg.
> >>> > >
> >>> > > I confess that I'm not a C programmer so I don't know whether I broke
> >>> > > something but the patches work for signing and encryption.
> >>> >
> >>> > There's a bug about this in Bugzilla somewhere,
> >>>
> >>> Bugzilla entry for this issue :
> >>> http://bugzilla.gnome.org/show_bug.cgi?id=304415
> >>
> >> Can you put your patches to bugzilla? So that it is tracked well :-)
> >>
> >>>
> >>> >  I think... basically,
> >>> > the Right Fix(tm) is to provide a way for the user to choose what hash
> >>> > algo Evolution should use.
> >>
> >> I agree to fejj's point. Can you look into this as well. You can contact
> >> us on mail/chat for any help you need.
> >>
> >> -Srini
> >
> > Hi,
> >
> > I attached 2 patches against evolution and evolution-data-server
> > v2.24.0.
> >
> > These patches (one line each) simply remove the default hash algorithm,
> > leaving the choice to gpg2 resp. the user settings in gpg.conf
> > ("digest-algo"). To me, it seems to be fine to use the backends for such
> > things. Signing e-mails now works with all the algorithms which gpg2
> > knows of, given the "digest-algo" option is set (but
> > "personal-digest-preferences", as described in the manpage, does not
> > work here :-( ).
> >
> > The default method is SHA1.
> >
> > Cheers
> > Steffen
>
> I try it again ;-)