[Durham] Enigmail question (pgp / gpg)

Oliver Burnett-Hall olly at burnett-hall.co.uk
Fri Sep 26 12:27:43 UTC 2014


On 26 September 2014 10:52, mark <mark at aktivix.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 25/09/14 17:49, Oliver Burnett-Hall wrote:
>> Your PGP signature looks *very* short. I don't know if this is
>> some feature of having a DSA key, but it doesn't look right to me.
>> When I sign messages (using a RSA key) I get signatures of about
>> 800 characters, but yours only just over 100 chars.
>
> I think short signatures (320 bits) are what you get when you sign
> things with DSA. I read this in places where I didn't understand the
> maths though, so someone smarter than me ought to check.

Okay, let's remember how these things work; I was feeling a bit
braindead last night. PGP signatures involve hashing the text, then
encrypting the hash using your public key. This means that the
biggest influence on the signature size will be the hash algorithm
used.

Looking at the digest algorithm preferences in Richard's key we get
"Digest: SHA1, RIPEMD160" so, unless it has been overridden elsewhere,
SHA-1 will have been used generating a 160 bit digest. This then gets
encrypted using DSA, and changed to text using base64. So the
signature length of 70 chars looks about right.

Both Mark and I have SHA-512 as our first choices, which generates 512
bit hash values, hence the longer signatures (though 700-800 is longer
than I would have expected from this; I guess RSA must add more
overhead).

> I've had a correctly signed message from Richard off-list before,
> which was in plaintext. I read in the enigmail docs that sending
> emails with HTML parts can break things, and the problematic message
> has an HTML part, so Richard, you could try sending as plain text and
> see if that fixes it. Also make sure 'use PGP/MIME as default' is
> turned off in enigmail.

His plain text messages to this list aren't getting signed correctly
either. I still suspect that something is mangling the body of his
email after the signature is calculated.

Richard -- did you have any success generating signatures directly
using the gpg command?

- olly
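
To inspect the fields of a signature like the ones compared in this thread, the following added example (not part of the original message) parses an ASCII-armored version 4 OpenPGP signature and reports its public-key algorithm, hash algorithm, the bit length of each signature integer, and the number of base64 characters. The function names are hypothetical, and the two sample signatures are constructed with dummy integers and zeroed subpackets, so they will not verify.

```python
import base64

PUB_ALGOS = {1: "RSA", 17: "DSA"}
HASH_ALGOS = {2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 10: "SHA512"}

def build_armored_sig(pub_algo, hash_algo, mpi_bits):
    """Constructed v4 signature with dummy integers; it will not verify."""
    body = bytes([4, 0x01, pub_algo, hash_algo])
    for area in (bytes([5, 2]) + bytes(4),     # hashed: creation time, zeroed
                 bytes([9, 16]) + bytes(8)):   # unhashed: issuer key ID, zeroed
        body += len(area).to_bytes(2, "big") + area
    body += bytes(2)                           # left 16 bits of the digest
    for bits in mpi_bits:                      # MPI: 2-byte bit count, then value
        body += bits.to_bytes(2, "big") + (1 << (bits - 1)).to_bytes((bits + 7) // 8, "big")
    b64 = base64.b64encode(b"\x89" + len(body).to_bytes(2, "big") + body).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]  # CRC24 line omitted
    return "\n".join(["-----BEGIN PGP SIGNATURE-----", "", *rows, "-----END PGP SIGNATURE-----"])

def parse_armored_sig(text):
    """Report algorithms and signature-integer sizes of an armored v4 signature."""
    lines = [l.strip() for l in text.strip().splitlines()]
    data = [l for l in lines[lines.index("") + 1:] if not l.startswith(("-----", "="))]
    packet = base64.b64decode("".join(data))
    tag = packet[0]
    if tag & 0xC0 != 0x80 or (tag >> 2) & 0x0F != 2 or tag & 3 == 3:
        raise ValueError("expected an old-format, definite-length signature packet")
    nlen = 1 << (tag & 3)                      # 1, 2 or 4 length octets
    body = packet[1 + nlen:1 + nlen + int.from_bytes(packet[1:1 + nlen], "big")]
    if body[:1] != b"\x04":
        raise ValueError("only version 4 signatures are handled")
    pos = 4
    for _ in range(2):                         # skip hashed, then unhashed subpackets
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2                                   # skip left 16 bits of the digest
    mpi_bits = []
    while pos + 2 <= len(body):
        mpi_bits.append(int.from_bytes(body[pos:pos + 2], "big"))
        pos += 2 + (mpi_bits[-1] + 7) // 8
    return {"pubkey": PUB_ALGOS.get(body[2], body[2]), "hash": HASH_ALGOS.get(body[3], body[3]),
            "mpi_bits": mpi_bits, "base64_chars": sum(map(len, data))}

if __name__ == "__main__":
    for args in ((17, 2, [160, 160]), (1, 10, [4096])):  # DSA/SHA-1, RSA-4096/SHA-512
        print(parse_armored_sig(build_armored_sig(*args)))
```

The same breakdown for a real signature is available from `gpg --list-packets`.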


