GnuPG: Invalid digest algorithm for new certifications made by old keys with GnuPG master
Open, Normal, Public

Description

The GPGME/qt t-remarks test fails with GnuPG master because the old test keys in GPGME create certifications which, I guess after the deprecation of SHA-1 in master, cannot be verified. The error is "Invalid digest algorithm".

To reproduce:

cd /tmp
mkdir certifytest
cd certifytest
gpg --homedir . --pinentry-mode=loopback --passphrase abc --import ~/dev/main/src/gpgme/tests/gpg/seckey-1.asc ~/dev/main/src/gpgme/tests/gpg/pubdemo.asc 
gpg --homedir . --edit-key xray
# Here do the lsign without further options
gpg --homedir . --check-sigs xray

Result is:

gpg: WARNING: unsafe permissions on homedir '/tmp/certifytest'
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Note: RFC4880bis features are enabled.
gpg: checking the trustdb
gpg: no ultimately trusted keys found
pub   dsa1024 1999-03-08 [SCA]
      04C1DF62EFA0EBB00519B06A8979A6C5567FB34A
uid           [ unknown] XRay Test (demo key) <xray@example.net>
sig!3        8979A6C5567FB34A 1999-03-08  XRay Test (demo key) <xray@example.net>
sig%  L      AF82244F9CD9FD55 2019-11-06  [Invalid digest algorithm] 
sub   elg1024 1999-03-08 [E]
sig!         8979A6C5567FB34A 1999-03-08  XRay Test (demo key) <xray@example.net>

gpg: 2 good signatures
gpg: 1 signature not checked due to an error

Details

Version
master
aheinecke created this task. Nov 6 2019, 2:52 PM
werner added a project: CVE. Nov 6 2019, 4:25 PM

That is due to the mitigation for CVE-2019-14855. I need to see how to find a more specific mitigation.
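
A check a test suite could run over a listing like the one in the report, as an added example that is not part of the original task or of GnuPG's or GPGME's code: it reports every certification that `--check-sigs` did not flag as verified. The function names are hypothetical, the sample is the listing above embedded as constructed input, and the flag meanings ("!" good, "-" bad, "%" error while checking) follow the gpg man page.

```shell
#!/bin/sh
# Constructed sample: the key listing from the report above, warnings omitted.
sample_output() {
cat <<'EOF'
pub   dsa1024 1999-03-08 [SCA]
      04C1DF62EFA0EBB00519B06A8979A6C5567FB34A
uid           [ unknown] XRay Test (demo key) <xray@example.net>
sig!3        8979A6C5567FB34A 1999-03-08  XRay Test (demo key) <xray@example.net>
sig%  L      AF82244F9CD9FD55 2019-11-06  [Invalid digest algorithm]
sub   elg1024 1999-03-08 [E]
sig!         8979A6C5567FB34A 1999-03-08  XRay Test (demo key) <xray@example.net>
EOF
}

# unverified_sigs (hypothetical helper): reads a --check-sigs listing on stdin
# and prints "<status> <keyid> [reason]" for each signature not flagged "!".
unverified_sigs() {
  awk '
    /^sig/ {
      flag = substr($0, 4, 1)          # status flag directly follows the tag
      if (flag == "!") next            # verified, nothing to report
      if (flag == "-") status = "bad"
      else if (flag == "%") status = "error"
      else status = "unchecked"        # e.g. a --list-sigs listing
      keyid = "?"
      # Key ID: first all-hex field of 16 (long ID) or 40 (fingerprint) digits.
      for (i = 2; i <= NF; i++)
        if ($i ~ /^[0-9A-F]+$/ && (length($i) == 16 || length($i) == 40)) {
          keyid = $i; break
        }
      line = status " " keyid
      # For "%" the error text is printed in brackets in place of the user ID.
      if (flag == "%" && match($0, /\[[^]]*\]/))
        line = line " " substr($0, RSTART + 1, RLENGTH - 2)
      print line
    }'
}

sample_output | unverified_sigs
```

Against a real keyring the input would be `gpg --homedir . --check-sigs xray` from the reproduction steps; the human-readable listing is parsed here only because that is what the report shows.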