* [sup-devel] [PATCH] Explicitly specify signature hashing algorithm
@ 2010-10-07 17:50 Gaudenz Steinlin
2010-10-08 4:20 ` Rich Lane
0 siblings, 1 reply; 2+ messages in thread
From: Gaudenz Steinlin @ 2010-10-07 17:50 UTC (permalink / raw)
To: sup-devel
[-- Attachment #1.1: Type: text/plain, Size: 1697 bytes --]
Sup used to add a micalg=pgp-sha1 parameter in Content-Type header of a
signed message, but used whatever the user had configured as his
preferred hasing algorithm in gpg.conf. This lead to unverifiable
signatures in some MUAs.
This adds an explicit --digest-algo option to the gpg call to override
any user configured setting. It also upgrades the algorithm to sha256 as
sha1 is being phased out now.
---
lib/sup/crypto.rb | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/sup/crypto.rb b/lib/sup/crypto.rb
index 289fb0e..2bd5350 100644
--- a/lib/sup/crypto.rb
+++ b/lib/sup/crypto.rb
@@ -45,14 +45,14 @@ EOS
sig_fn = Tempfile.new "redwood.signature"; sig_fn.close
- message = run_gpg "--output #{sig_fn.path} --yes --armor --detach-sign --textmode --local-user '#{from}' #{payload_fn.path}", :interactive => true
+ message = run_gpg "--output #{sig_fn.path} --yes --armor --detach-sign --textmode --digest-algo sha256 --local-user '#{from}' #{payload_fn.path}", :interactive => true
unless $?.success?
info "Error while running gpg: #{message}"
raise Error, "GPG command failed. See log for details."
end
envelope = RMail::Message.new
- envelope.header["Content-Type"] = 'multipart/signed; protocol=application/pgp-signature; micalg=pgp-sha1'
+ envelope.header["Content-Type"] = 'multipart/signed; protocol=application/pgp-signature; micalg=pgp-sha256'
envelope.add_part payload
signature = RMail::Message.make_attachment IO.read(sig_fn.path), "application/pgp-signature", nil, "signature.asc"
--
1.7.1
--
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~
[-- Attachment #1.2: signature.asc --]
[-- Type: application/pgp-signature, Size: 482 bytes --]
[-- Attachment #2: Type: text/plain, Size: 143 bytes --]
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [sup-devel] [PATCH] Explicitly specify signature hashing algorithm
2010-10-07 17:50 [sup-devel] [PATCH] Explicitly specify signature hashing algorithm Gaudenz Steinlin
@ 2010-10-08 4:20 ` Rich Lane
0 siblings, 0 replies; 2+ messages in thread
From: Rich Lane @ 2010-10-08 4:20 UTC (permalink / raw)
To: Gaudenz Steinlin; +Cc: sup-devel
Applied to master. I had to write some code to get the patch out of the
signed message first.
_______________________________________________
Sup-devel mailing list
Sup-devel@rubyforge.org
http://rubyforge.org/mailman/listinfo/sup-devel
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-10-08 4:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-10-07 17:50 [sup-devel] [PATCH] Explicitly specify signature hashing algorithm Gaudenz Steinlin
2010-10-08 4:20 ` Rich Lane
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox