Sup used to add a micalg=pgp-sha1 parameter in Content-Type header of a
signed message, but used whatever the user had configured as his
preferred hasing algorithm in gpg.conf. This lead to unverifiable
signatures in some MUAs.
This adds an explicit --digest-algo option to the gpg call to override
any user configured setting. It also upgrades the algorithm to sha256 as
sha1 is being phased out now.
---
lib/sup/crypto.rb | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/sup/crypto.rb b/lib/sup/crypto.rb
index 289fb0e..2bd5350 100644
--- a/lib/sup/crypto.rb
+++ b/lib/sup/crypto.rb
@@ -45,14 +45,14 @@ EOS
sig_fn = Tempfile.new "redwood.signature"; sig_fn.close
- message = run_gpg "--output #{sig_fn.path} --yes --armor --detach-sign --textmode --local-user '#{from}' #{payload_fn.path}", :interactive => true
+ message = run_gpg "--output #{sig_fn.path} --yes --armor --detach-sign --textmode --digest-algo sha256 --local-user '#{from}' #{payload_fn.path}", :interactive => true
unless $?.success?
info "Error while running gpg: #{message}"
raise Error, "GPG command failed. See log for details."
end
envelope = RMail::Message.new
- envelope.header["Content-Type"] = 'multipart/signed; protocol=application/pgp-signature; micalg=pgp-sha1'
+ envelope.header["Content-Type"] = 'multipart/signed; protocol=application/pgp-signature; micalg=pgp-sha256'
envelope.add_part payload
signature = RMail::Message.make_attachment IO.read(sig_fn.path), "application/pgp-signature", nil, "signature.asc"
--
1.7.1
--
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ Sup-devel mailing list Sup-devel@rubyforge.org http://rubyforge.org/mailman/listinfo/sup-devel