[evolution-patches] Using gpg2 with SHA512



Hi,

I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
maximum strength. Therefor I created a pair of keys with gpg2
--enable-dsa2.

These keys are usable in Thunderbird, but can't be handled by Evolution
(v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
method.

From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
three patches against evolution-data-server and evolution (v2.21.92
both) which hard-code SHA-512 as the hash algorithm for gpg.

I confess that I'm not a C programmer so I don't know whether I broke
something but the patches work for signing and encryption.

Kind regards
Steffen Michalke

I enclosed the patches and a screenshot of the security information. The
patch-camel files are for evolution-data-server.
Of course, this message is signed ;-)

--- evolution-data-server-2.21.91.orig/camel/camel-cipher-context.h	2007-11-29 13:53:44.000000000 +0100
+++ evolution-data-server-2.21.91/camel/camel-cipher-context.h	2008-02-27 01:29:20.000000000 +0100
@@ -43,13 +43,16 @@
 typedef struct _CamelCipherCertInfo CamelCipherCertInfo;
 
 typedef enum {
-	CAMEL_CIPHER_HASH_DEFAULT,
 	CAMEL_CIPHER_HASH_MD2,
 	CAMEL_CIPHER_HASH_MD5,
 	CAMEL_CIPHER_HASH_SHA1,
+	CAMEL_CIPHER_HASH_SHA256,
+	CAMEL_CIPHER_HASH_SHA384,
+	CAMEL_CIPHER_HASH_SHA512,
 	CAMEL_CIPHER_HASH_RIPEMD160,
 	CAMEL_CIPHER_HASH_TIGER192,
-	CAMEL_CIPHER_HASH_HAVAL5160
+	CAMEL_CIPHER_HASH_HAVAL5160,
+	CAMEL_CIPHER_HASH_DEFAULT
 } CamelCipherHash;
 
 typedef enum _camel_cipher_validity_sign_t {
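Review bot: Moving `CAMEL_CIPHER_HASH_DEFAULT` from the first slot to the last and inserting the SHA-2 members before `CAMEL_CIPHER_HASH_RIPEMD160` changes the numeric value of every existing enumerator in this header. Code built against the old header, such as the evolution composer patched further down, would pass the old numbers: the old `CAMEL_CIPHER_HASH_SHA1` value now reads as `CAMEL_CIPHER_HASH_SHA256`. A zero-initialised `CamelCipherHash` would also mean `CAMEL_CIPHER_HASH_MD2` instead of the default. Keeping `CAMEL_CIPHER_HASH_DEFAULT` first and appending `CAMEL_CIPHER_HASH_SHA256`, `CAMEL_CIPHER_HASH_SHA384` and `CAMEL_CIPHER_HASH_SHA512` after `CAMEL_CIPHER_HASH_HAVAL5160` avoids both problems.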
--- evolution-data-server-2.21.91.orig/camel/camel-gpg-context.c	2008-01-23 12:16:25.000000000 +0100
+++ evolution-data-server-2.21.91/camel/camel-gpg-context.c	2008-02-27 01:30:46.000000000 +0100
@@ -127,14 +127,21 @@
 	case CAMEL_CIPHER_HASH_MD5:
 		return "pgp-md5";
 	case CAMEL_CIPHER_HASH_SHA1:
-	case CAMEL_CIPHER_HASH_DEFAULT:
 		return "pgp-sha1";
+	case CAMEL_CIPHER_HASH_SHA256:
+		return "pgp-sha256";
+	case CAMEL_CIPHER_HASH_SHA384:
+		return "pgp-sha384";
+	case CAMEL_CIPHER_HASH_SHA512:
+		return "pgp-sha512";
 	case CAMEL_CIPHER_HASH_RIPEMD160:
 		return "pgp-ripemd160";
 	case CAMEL_CIPHER_HASH_TIGER192:
 		return "pgp-tiger192";
 	case CAMEL_CIPHER_HASH_HAVAL5160:
 		return "pgp-haval-5-160";
+	case CAMEL_CIPHER_HASH_DEFAULT:
+		return "pgp-sha512";
 	}
 
 	return NULL;
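Review bot: The new `case CAMEL_CIPHER_HASH_DEFAULT:` repeats the `"pgp-sha512"` literal in a separate arm, so what "default" means is now spelled out twice in this switch and again in the `--digest-algo` mapping later in the file. Stacking the label, `case CAMEL_CIPHER_HASH_SHA512: case CAMEL_CIPHER_HASH_DEFAULT: return "pgp-sha512";`, mirrors how the removed line shared the SHA-1 arm. A short comment such as `/* must match the digest passed to gpg via --digest-algo */` would record why the two mappings have to move together, since this string is what the signed message advertises as its micalg. The switch begins outside the hunk.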
@@ -150,6 +157,12 @@
 			return CAMEL_CIPHER_HASH_MD5;
 		else if (!strcmp (id, "pgp-sha1"))
 			return CAMEL_CIPHER_HASH_SHA1;
+		else if (!strcmp (id, "pgp-sha256"))
+			return CAMEL_CIPHER_HASH_SHA256;
+		else if (!strcmp (id, "pgp-sha384"))
+			return CAMEL_CIPHER_HASH_SHA384;
+		else if (!strcmp (id, "pgp-sha512"))
+			return CAMEL_CIPHER_HASH_SHA512;
 		else if (!strcmp (id, "pgp-ripemd160"))
 			return CAMEL_CIPHER_HASH_RIPEMD160;
 		else if (!strcmp (id, "tiger192"))
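Review bot: The chain extended here still compares against `"tiger192"` without the `pgp-` prefix on the context line after the new branches, while what appears to be the inverse mapping earlier in the file returns `"pgp-tiger192"`. That mismatch predates this patch, but the patch adds entries right beside it and a round trip through both functions would not recover `CAMEL_CIPHER_HASH_TIGER192`. If the prefixed form is the intended one, the comparison would become `else if (!strcmp (id, "pgp-tiger192"))`. The function starts and ends outside the hunk.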
@@ -158,7 +171,7 @@
 			return CAMEL_CIPHER_HASH_HAVAL5160;
 	}
 
-	return CAMEL_CIPHER_HASH_DEFAULT;
+	return /* CAMEL_CIPHER_HASH_DEFAULT */ CAMEL_CIPHER_HASH_SHA512;
 }
 
 
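Review bot: Returning `CAMEL_CIPHER_HASH_SHA512` for a missing or unrecognised id makes an unknown micalg indistinguishable from a genuine `pgp-sha512`, so a caller can no longer tell that the algorithm was not recognised. Keeping `return CAMEL_CIPHER_HASH_DEFAULT;` and resolving the default where the digest is actually chosen preserves that distinction. The commented-out identifier left inside the return statement should be removed either way. The function starts outside the hunk.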
@@ -481,10 +494,16 @@
 		return "--digest-algo=MD5";
 	case CAMEL_CIPHER_HASH_SHA1:
 		return "--digest-algo=SHA1";
+	case CAMEL_CIPHER_HASH_SHA256:
+		return "--digest-algo=SHA256";
+	case CAMEL_CIPHER_HASH_SHA384:
+		return "--digest-algo=SHA384";
+	case CAMEL_CIPHER_HASH_SHA512:
+		return "--digest-algo=SHA512";
 	case CAMEL_CIPHER_HASH_RIPEMD160:
 		return "--digest-algo=RIPEMD160";
 	default:
-		return NULL;
+		return "--digest-algo=SHA512";
 	}
 }
 
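Review bot: The `default:` branch now forces `--digest-algo=SHA512` for every value without its own case, not only for `CAMEL_CIPHER_HASH_DEFAULT`. `CAMEL_CIPHER_HASH_TIGER192` and `CAMEL_CIPHER_HASH_HAVAL5160` have no case in the visible part of this switch, so a request for either would be signed with SHA-512 while the micalg mapping still announces `pgp-tiger192` or `pgp-haval-5-160`. The change also drops the `NULL` result, which presumably meant no digest option was passed and gpg chose from the key and its preferences. An explicit `case CAMEL_CIPHER_HASH_DEFAULT: return "--digest-algo=SHA512";` with `default: return NULL;` kept would confine the new behaviour to the default value. The switch starts outside the hunk.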
--- evolution-2.21.92.orig/composer/e-msg-composer.c	2008-02-25 05:52:12.000000000 +0100
+++ evolution-2.21.92/composer/e-msg-composer.c	2008-02-26 17:35:32.000000000 +0100
@@ -759,7 +759,7 @@
 			CamelMimePart *npart = camel_mime_part_new();
 
 			cipher = mail_crypto_get_pgp_cipher_context(account);
-			camel_cipher_sign(cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA1, part, npart, &ex);
+			camel_cipher_sign(cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA512, part, npart, &ex);
 			camel_object_unref(cipher);
 
 			if (camel_exception_is_set(&ex)) {
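Review bot: `CAMEL_CIPHER_HASH_SHA512` is hard-coded at this call site, so the composer and camel's own default have to be edited together whenever the digest policy changes. Passing `CAMEL_CIPHER_HASH_DEFAULT` to `camel_cipher_sign` would keep the choice in one place. Forcing a 512-bit digest for every account may also fail for keys that cannot carry it, presumably older DSA keys unless gpg is configured as in the report (`--enable-dsa2`). A per-account setting with a fallback would be safer than a constant. The enclosing function lies outside the hunk.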

Attachment: secinfo.png
Description: PNG image

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


