Re: [Evolution] Evolution/GPG

[Milan Crha <mcrha redhat com>]

On Mon, 2016-02-08 at 09:48 +0100, Stig Roar Wangberg wrote:
> It puzzles me though, that after converting from SHA-1 to SHA-256,
> Evolution still uses SHA-1. What can be the reason for that, you think?

        Hi,
why do you think that, please? Looking into message headers (of the
message I replied to), there is:

   Content-Type: multipart/signed; micalg="pgp-sha256";
      protocol="application/pgp-signature";
      boundary="=-QNe76L1YUtmFMaiwoYDa"

That means that the SHA256 had been used by gpg.

Please note that the evolution doesn't use any library in the
background to produce the signed and/or encrypted messages, it calls
the gpg executable with certain parameters and that's all. Things got
complicated with gpg2, but that's another story.

The way you signed messages on a command line is called "inline
signature", but your evolution uses signatures generated as multipart.
It conforms to pretty ancient RFC, which Pete gave a link to. If the
email client the users you send message to do not understand it, then
bad luck for them. Some email clients require additional plugins to
work fully with GPG, like for Thunderbird it's Enigmail (I think
Outlook also requires some plugin, but I do not use Outlook myself,
thus my information can be wrong).

The evolution can also provide inline signatures/encryption of plain
text messages since 3.20.0 [1]. It will produce similar output as you
are used to from the command line.
        Bye,
        Milan

[1] https://bugzilla.gnome.org/show_bug.cgi?id=758856