Hi, I'm using gpg v2.0.8/libgcrypt 1.4.0 and wanted to test keys with maximum strength. Therefore I created a pair of keys with gpg2 --enable-dsa2. These keys are usable in Thunderbird, but can't be handled by Evolution (v2.21.92, btw). The reason is that SHA-1 is hard-wired as the hash method. From Thunderbird I learned that I had to use SHA-512 instead. I enclosed three patches against evolution-data-server and evolution (v2.21.92 both) which hard-code SHA-512 as the hash algorithm for gpg. I confess that I'm not a C programmer, so I don't know whether I broke something, but the patches work for signing and encryption. Kind regards, Steffen Michalke. I enclosed the patches and a screenshot of the security information. The patch-camel files are for evolution-data-server. Of course, this message is signed ;-)
--- evolution-data-server-2.21.91.orig/camel/camel-cipher-context.h 2007-11-29 13:53:44.000000000 +0100
+++ evolution-data-server-2.21.91/camel/camel-cipher-context.h 2008-02-27 01:29:20.000000000 +0100
@@ -43,13 +43,16 @@
 typedef struct _CamelCipherCertInfo CamelCipherCertInfo;
 typedef enum {
-	CAMEL_CIPHER_HASH_DEFAULT,
 	CAMEL_CIPHER_HASH_MD2,
 	CAMEL_CIPHER_HASH_MD5,
 	CAMEL_CIPHER_HASH_SHA1,
+	CAMEL_CIPHER_HASH_SHA256,
+	CAMEL_CIPHER_HASH_SHA384,
+	CAMEL_CIPHER_HASH_SHA512,
 	CAMEL_CIPHER_HASH_RIPEMD160,
 	CAMEL_CIPHER_HASH_TIGER192,
-	CAMEL_CIPHER_HASH_HAVAL5160
+	CAMEL_CIPHER_HASH_HAVAL5160,
+	CAMEL_CIPHER_HASH_DEFAULT
 } CamelCipherHash;
 typedef enum _camel_cipher_validity_sign_t {
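Review bot: Moving CAMEL_CIPHER_HASH_DEFAULT from the first enumerator to the last, and inserting the three SHA-2 members ahead of RIPEMD160, renumbers every existing CamelCipherHash value in a public header, so any plugin or application compiled against the old libcamel that passes CAMEL_CIPHER_HASH_DEFAULT (0) is now read as CAMEL_CIPHER_HASH_MD2, and the old RIPEMD160/TIGER192/HAVAL5160 values land on the new SHA entries. Keep the existing order and append the new members after CAMEL_CIPHER_HASH_HAVAL5160, `CAMEL_CIPHER_HASH_SHA256, CAMEL_CIPHER_HASH_SHA384, CAMEL_CIPHER_HASH_SHA512`; as far as the companion gpg-context hunks show, nothing depends on DEFAULT being last, since both switches name it explicitly. If the move was meant to stop DEFAULT from being the zero value, that intent belongs in a comment on the enumerator rather than in a silent reorder.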
--- evolution-data-server-2.21.91.orig/camel/camel-gpg-context.c 2008-01-23 12:16:25.000000000 +0100
+++ evolution-data-server-2.21.91/camel/camel-gpg-context.c 2008-02-27 01:30:46.000000000 +0100
@@ -127,14 +127,21 @@
 	case CAMEL_CIPHER_HASH_MD5:
 		return "pgp-md5";
 	case CAMEL_CIPHER_HASH_SHA1:
-	case CAMEL_CIPHER_HASH_DEFAULT:
 		return "pgp-sha1";
+	case CAMEL_CIPHER_HASH_SHA256:
+		return "pgp-sha256";
+	case CAMEL_CIPHER_HASH_SHA384:
+		return "pgp-sha384";
+	case CAMEL_CIPHER_HASH_SHA512:
+		return "pgp-sha512";
 	case CAMEL_CIPHER_HASH_RIPEMD160:
 		return "pgp-ripemd160";
 	case CAMEL_CIPHER_HASH_TIGER192:
 		return "pgp-tiger192";
 	case CAMEL_CIPHER_HASH_HAVAL5160:
 		return "pgp-haval-5-160";
+	case CAMEL_CIPHER_HASH_DEFAULT:
+		return "pgp-sha512";
 	}
 	return NULL;
@@ -150,6 +157,12 @@
 		return CAMEL_CIPHER_HASH_MD5;
 	else if (!strcmp (id, "pgp-sha1"))
 		return CAMEL_CIPHER_HASH_SHA1;
+	else if (!strcmp (id, "pgp-sha256"))
+		return CAMEL_CIPHER_HASH_SHA256;
+	else if (!strcmp (id, "pgp-sha384"))
+		return CAMEL_CIPHER_HASH_SHA384;
+	else if (!strcmp (id, "pgp-sha512"))
+		return CAMEL_CIPHER_HASH_SHA512;
 	else if (!strcmp (id, "pgp-ripemd160"))
 		return CAMEL_CIPHER_HASH_RIPEMD160;
 	else if (!strcmp (id, "tiger192"))
@@ -158,7 +171,7 @@
 		return CAMEL_CIPHER_HASH_HAVAL5160;
 	}
-	return CAMEL_CIPHER_HASH_DEFAULT;
+	return /* CAMEL_CIPHER_HASH_DEFAULT */ CAMEL_CIPHER_HASH_SHA512;
 }
@@ -481,10 +494,16 @@
 		return "--digest-algo=MD5";
 	case CAMEL_CIPHER_HASH_SHA1:
 		return "--digest-algo=SHA1";
+	case CAMEL_CIPHER_HASH_SHA256:
+		return "--digest-algo=SHA256";
+	case CAMEL_CIPHER_HASH_SHA384:
+		return "--digest-algo=SHA384";
+	case CAMEL_CIPHER_HASH_SHA512:
+		return "--digest-algo=SHA512";
 	case CAMEL_CIPHER_HASH_RIPEMD160:
 		return "--digest-algo=RIPEMD160";
 	default:
-		return NULL;
+		return "--digest-algo=SHA512";
 	}
 }
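Review bot: The new `case CAMEL_CIPHER_HASH_DEFAULT: return "pgp-sha512";` at the end of the first hunk repeats the SHA-512 string literal instead of sharing it, so the default's name can drift from the algorithm it stands for if one of the two is edited later. Write it the way the original paired DEFAULT with SHA-1, `case CAMEL_CIPHER_HASH_SHA512: case CAMEL_CIPHER_HASH_DEFAULT: return "pgp-sha512";`, and drop the separate case at the bottom. The enclosing function's head is outside the hunk.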
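Review bot: In the third hunk, `return /* CAMEL_CIPHER_HASH_DEFAULT */ CAMEL_CIPHER_HASH_SHA512;` makes every unrecognised id — including a micalg parameter read from an incoming message — come back as a claim that SHA-512 was used, and leaves commented-out code inside the return. Keep `return CAMEL_CIPHER_HASH_DEFAULT;` here: the enumerator still exists after the header change and the first hunk already maps it to "pgp-sha512", so the fallback is defined in exactly one place. How a caller uses the returned hash is not visible in this hunk; gpg takes the hash from the signature packet itself, so the effect is presumably confined to what Evolution reports, but an unknown algorithm should still not be reported as a specific one.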
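Review bot: In the last hunk the new `default: return "--digest-algo=SHA512";` does not only cover CAMEL_CIPHER_HASH_DEFAULT: CAMEL_CIPHER_HASH_TIGER192 and CAMEL_CIPHER_HASH_HAVAL5160 have no case in this switch, so a caller asking for either now silently gets SHA-512 where the old NULL let it notice the algorithm is unsupported. Add an explicit `case CAMEL_CIPHER_HASH_DEFAULT:` for the SHA-512 string and keep `default: return NULL;`. Note also that `--digest-algo` overrides the digest preferences of the signing key and recipients — gpg's own documentation says it should not normally be used and points to `--personal-digest-preferences` as the conforming way to prefer SHA-512 — and a 1024-bit DSA key cannot sign with a 512-bit digest unless hash truncation (`--enable-dsa2`) is in effect, so forcing SHA-512 for every key is likely to break signing for users who do not have a DSA2 or RSA key. Returning NULL for DEFAULT and letting gpg choose per key, or emitting a preference list instead of a fixed algorithm, avoids both problems; the enclosing function begins outside the hunk.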
--- evolution-2.21.92.orig/composer/e-msg-composer.c 2008-02-25 05:52:12.000000000 +0100
+++ evolution-2.21.92/composer/e-msg-composer.c 2008-02-26 17:35:32.000000000 +0100
@@ -759,7 +759,7 @@
 		CamelMimePart *npart = camel_mime_part_new();
 		cipher = mail_crypto_get_pgp_cipher_context(account);
-		camel_cipher_sign(cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA1, part, npart, &ex);
+		camel_cipher_sign(cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA512, part, npart, &ex);
 		camel_object_unref(cipher);
 		if (camel_exception_is_set(&ex)) {
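Review bot: Swapping `CAMEL_CIPHER_HASH_SHA1` for `CAMEL_CIPHER_HASH_SHA512` in the camel_cipher_sign call keeps the digest hard-coded in the composer, which is the very problem the cover letter describes. Pass `CAMEL_CIPHER_HASH_DEFAULT` here and let the cipher context decide — the companion camel-gpg-context.c patch already resolves DEFAULT to SHA-512 for gpg — so a later per-account or per-key choice needs no composer change. As written, every signing key is forced to SHA-512, which gpg rejects for a 1024-bit DSA key unless hash truncation (`--enable-dsa2`) is enabled, so users with the older default key type would lose signing entirely. The enclosing function starts and ends outside the hunk.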