[Enigmail] Setting which Hash Algorithm

[Patrick Brunschwig]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Clizbe wrote:
> Charly Avital wrote:
>> Robert J. Hansen wrote the following on 6/23/08 12:52 PM:
>>> Charly Avital wrote:
>>>> I would like Enigmail to use the digest-algo  [value] I set in
>>>> gpg.conf.
>>> Enigmail has no influence over your cipher and algorithm settings.  We
>>> use what you've told GnuPG to use.
>> I must have misunderstood a previous statement:
>> 'Enigmail knows *nothing* of the options in gpg.conf.'
> 
> I'd be sorry if you did. It was a pretty direct statement without room for
> ambiguity to sneak in.
> 
> I think Rob {sh,c}ould have added "...unless you've instructed Enigmail to
> override GnuPG, in which case, things are passed on the command line.
> 
>>> The only exception to this is
>>> .mimeHashAlgorithm, which is only used for PGP/MIME messages.
> 
> Explained below.
> 
> The values for mimeHashAlgorithm are (from enigmail.js):
> 
> 0 null (default)
> 1 SHA-1
> 2 RIPEMD160
> 3 SHA-256
> 4 SHA-384
> 5 SHA-512
> 6 SHA-224
> 
> Anything other that the default case will get passed on Enigmail's command line
> with --digest-algo <blah>.
> 
> From the beginning, PGP/MIME presented a problem in that it is necessary to know
> the digest algorithm *before* invoking GnuPG as part of constructing the
> messages MIME headers. If one looks at teh source of a PGP/MIME signed message,
> s/he'll see the MIME header:
>     Content-Type: multipart/signed; micalg=pgp-sha1;
>      protocol="application/pgp-signature";
>      boundary=blah
> 
> pgp-sha1 being MIME-speak for OpenPGP's SHA-1.
> 
> The initial solution to this problem was to select a hash as part of Enigmail's
> preferences and then pass that to GnuPG, overriding whatever the key or gpg.conf
> said to use.
> 
> Later, Patrick developed a solution that signs a small test message and examines
> that to determine the hash used, constructs the MIME header and passes things to
> GnuPG for signing and possibly encryption.
> 
> Patrick, please whack my knuckles with a ruler and correct me if I've bungled
> this explanation.

Not at all -- your explanation is 100% correct :-)

Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBSGDFCHcOpHodsOiwAQJ2/gf8DLcZgRw8EVH+jlsiwA3c+ijWxCZZBNwD
lfa8g4AWhOA9nMB1Hb0V6jSTuQg1P6QDXFBGgKryorSQXA1mSq0z2+JwMIUwkD5g
MQWjnIQPQXe5FgmuJ+YU0kF9ZFtP66uqYLF7Y5MwYhx37SIaP7xdHVp7Pt+mTcYJ
PTJKywb14bBJbUzOv0QiE2W9UeAJmGV3lkf3+S1UTeHKJbA3BzwPjAbMvykFFU7L
CrySLywkxqsjNjwCCMVH8jawz7czJuvjUvYcbhcIjp7641FVZjQ2us9EDznMu4xy
HvQV1hjkQ4jo1oB13K+jHH5Ek0V8r5iLAD+1/HFCV+h/VGgjHXmv5w==
=+STP
-----END PGP SIGNATURE-----