[Enigmail] PGP indicates enigmail signed messages are invalid

John Clizbe John at Mozilla-Enigmail.org
Sun Apr 12 15:00:23 PDT 2009 

Moonchild wrote:
> Hey folks,
> 
> I've run into a rather peculiar problem using enigmail. I've been
> looking at upgrading my mail client since my current one (Turnpike)
> isn't really supported anymore by the developers. Turnpike uses
> integrated PGP 6.5 to handle encrypted and signed messages. This setup
> hasn't given any issues with decrypting and verifying signed messages
> from anyone (including people using, for example, MUTT+OpenPGP and/or
> GNUPG).
> 
<snip>
> 
> Is this a known issue with PGP? I thought it used the exact same standard...
> Is there a way around this? I would like to be able to sign my e-mails
> in the most compatible way possible so people with older PGP versions
> will also be able to verify my messages haven't been altered. I rely on
> verifiable digital signatures for work. I've tried using PGP/MIME or
> "regular" signing already. I can't get it to verify at all.
> As said: any other mail signed with PGP and OpenPGP seems to be fine, so
> I'm a bit at a loss where the problem lies.

Your problem lies in PGP 6.5.8. It's nowhere near RFC 4880 compliant,
although GnuPG may be "broken" to not use post PGP 6.x features by using
the --pgp6 option. It instructs GnuPG to set up all options to be as PGP
6 compliant as possible. This restricts you to the ciphers IDEA (if the
IDEA plugin is installed), 3DES, and CAST5, the hashes MD5, SHA1 and
RIPEMD160, and the compression algorithms none and ZIP. This also
disables --throw-keyids, and making signatures with signing subkeys as
PGP 6 does not understand signatures made by signing subkeys.

It's a very sub-optimal solution that leaves you in the crypto "Stone
Age". You'll also need the IDEA DLL.

-- 
John P. Clizbe                      Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net  or
     mailto:pgp-public-keys at gingerbear.net?subject=HELP

Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 678 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20090412/e3a16f02/attachment.bin>

More information about the Enigmail mailing list