Support for algorithms other than MD5
Julien-Elie opened this issue · 1 comments
Current versions of GnuPG reject signatures made using the MD5 hash algorithm.
In changelog for GnuPG 2.0.23: "gpg: Reject signatures made using the MD5 hash algorithm unless the new option --allow-weak-digest-algos or --pgp2 are given."
Thus, control articles generated by signcontrol.py versions anterior to 1.4.0 cannot be validated by current versions of GnuPG:
gpgv: Note: signatures using the MD5 algorithm are rejected
gpgv: Can't check signature: Invalid digest algorithm
signcontrol.py should permit the generation of signatures using other algorithms than MD5.
Nonetheless, we should still support the generation of such signatures in order to remain compatible with MIT PGP 2.6.2 (or equivalent) that is still used by a few news servers.
Thanks to Gérald Niel for having reported the issue.
Fixed in commit 2478962.