Support for algorithms other than MD5

Question

Support for algorithms other than MD5

Closed this issue 10 years ago · 1 comments

Current versions of GnuPG reject signatures made using the MD5 hash algorithm.
In changelog for GnuPG 2.0.23: "gpg: Reject signatures made using the MD5 hash algorithm unless the new option --allow-weak-digest-algos or --pgp2 are given."

Thus, control articles generated by signcontrol.py versions anterior to 1.4.0 cannot be validated by current versions of GnuPG:

gpgv: Note: signatures using the MD5 algorithm are rejected
gpgv: Can't check signature: Invalid digest algorithm

signcontrol.py should permit the generation of signatures using other algorithms than MD5.
Nonetheless, we should still support the generation of such signatures in order to remain compatible with MIT PGP 2.6.2 (or equivalent) that is still used by a few news servers.

Thanks to Gérald Niel for having reported the issue.

Answer 1 · 2014-10-26T17:45:36.000Z

Fixed in commit 2478962.