Page MenuHome GnuPG

GnuPG: Ignore invalid hash algorithm preferences when signing & encrypting combined
Closed, ResolvedPublic


When signing and encrypting combined GnuPG takes the preferences of the recipient keys into account. This can lead to invalid hash algorithm errors when the preferences of the recipient keys are bad. While this is standard compliant, for a better user experience we could choose the algorithm based on our settings. At least for signing.

This happens for example with OpenPGP certificates created by Greenshield.

Event Timeline

aheinecke created this task.

In de-vs mode we could change the implict algorithm from SHA-1 to SHA-256. That should solve the problem.

--- a/g10/pkclist.c
+++ b/g10/pkclist.c
@@ -1491,7 +1491,15 @@ select_algo_from_prefs(PK_LIST pk_list, int preftype,
 	     locked at MD5, we don't support sign+encrypt in --pgp2
 	     mode, and that's the only time PREFTYPE_HASH is used
-	     anyway. -dms */
+	     anyway. -dms
-          implicit=DIGEST_ALGO_SHA1;
+             Because "de-vs" compliance does not allow SHA-1 it does
+             not make sense to assign SHA-1 as implicit algorithm.
+             Instead it is better to use SHA-256 as implicit algorithm
+             (which will be the case for rfc4880bis anyway).  */
+          if (opt.compliance == CO_DE_VS)
+            implicit = DIGEST_ALGO_SHA256;
+          else
+            implicit = DIGEST_ALGO_SHA1;

Yes, I think that makes sense in the way that we want to provide the best user experience for our own users even if they communicate with communication partners which creates problematic keys.

ebo moved this task from Restricted Project Column to Restricted Project Column on the Restricted Project board.Jul 24 2023, 2:12 PM