Re: [evolution-patches] Using gpg2 with SHA512
- From: Steffen Michalke <stmichalke germanynet de>
- To: evolution-patches gnome org
- Subject: Re: [evolution-patches] Using gpg2 with SHA512
- Date: Sun, 28 Sep 2008 21:56:26 +0200
Steffen Michalke <stmichalke germanynet de> writes:
> Srinivasa Ragavan <sragavan novell com> writes:
>
>> On Thu, 2008-02-28 at 10:18 +0530, Johnny Jacob wrote:
>>> On Wed, 2008-02-27 at 10:19 -0500, Jeffrey Stedfast wrote:
>>> > On Wed, 2008-02-27 at 15:05 +0100, Steffen Michalke wrote:
>>> > > Hi,
>>> > >
>>> > > I'm using gpg v.2.0.8/libgcrypt 1.4.0 and wanted to test keys with
>>> > > maximum strength. Therefore I created a pair of keys with gpg2
>>> > > --enable-dsa2.
>>> > >
>>> > > These keys are usable in Thunderbird, but can't be handled by Evolution
>>> > > (v2.21.92 btw.). The reason is that SHA-1 is hard wired as the hash
>>> > > method.
>>> > >
>>> > > From Thunderbird I learned that I had to use SHA-512 instead. I enclosed
>>> > > three patches against evolution-data-server and evolution (v2.21.92
>>> > > both) which hard code SHA-512 as hash algorithm for gpg.
>>> > >
>>> > > I confess that I'm not a C programmer so I don't know whether I broke
>>> > > something but the patches work for signing and encryption.
>>> >
>>> > There's a bug about this in Bugzilla somewhere,
>>>
>>> Bugzilla entry for this issue :
>>> http://bugzilla.gnome.org/show_bug.cgi?id=304415
>>
>> Can you put your patches to bugzilla? So that it is tracked well :-)
>>
>>>
>>> > I think... basically,
>>> > the Right Fix(tm) is to provide a way for the user to choose what hash
>>> > algo Evolution should use.
>>
>> I agree to fejj's point. Can you look into this as well. You can contact
>> us on mail/chat for any help you need.
>>
>> -Srini
>
> Hi,
>
> I attached 2 patches against evolution and evolution-data-server
> v2.24.0.
>
> These patches (one line each) simply remove the default hash algorithm,
> leaving the choice to gpg2 resp. the user settings in gpg.conf
> ("digest-algo"). To me, it seems to be fine to use the backends for such
> things. Signing e-mails now works with all the algorithms which gpg2
> knows of, given the "digest-algo" option is set (but
> "personal-digest-preferences", as described in the manpage, does not
> work here :-( ).
>
> The default method is SHA1.
>
> Cheers
> Steffen
I try it again ;-)
--- a/camel/camel-gpg-context.c 2008-08-01 08:35:16.000000000 +0200
+++ b/camel/camel-gpg-context.c 2008-09-28 18:02:58.000000000 +0200
@@ -126,8 +126,7 @@
case CAMEL_CIPHER_HASH_MD5:
return "pgp-md5";
case CAMEL_CIPHER_HASH_SHA1:
- case CAMEL_CIPHER_HASH_DEFAULT:
return "pgp-sha1";
case CAMEL_CIPHER_HASH_RIPEMD160:
return "pgp-ripemd160";
case CAMEL_CIPHER_HASH_TIGER192:
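Review bot: With `case CAMEL_CIPHER_HASH_DEFAULT:` dropped from above `return "pgp-sha1";`, none of the visible cases handles CAMEL_CIPHER_HASH_DEFAULT any more, and the hunk does not show what the function returns for it. The strings returned here look like the hash names written into the signed message, so a caller that passes DEFAULT needs either an explicit case yielding a name that matches the digest gpg actually used, or a documented "unknown" return that the caller handles. Please add that case, or a comment pointing at the code that covers it, so that a signature made with a digest-algo other than SHA-1 is not sent with a missing or wrong hash label.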
--- evolution-2.24.0/composer/e-msg-composer.c 2008-09-22 21:46:38.000000000 +0200
+++ evolution-2.24.0/composer/e-msg-composer.c 2008-09-22 21:49:56.000000000 +0200
@@ -810,7 +810,7 @@
CamelMimePart *npart = camel_mime_part_new ();
cipher = mail_crypto_get_pgp_cipher_context (account);
- camel_cipher_sign (cipher, pgp_userid, CAMEL_CIPHER_HASH_SHA1, part, npart, &ex);
+ camel_cipher_sign (cipher, pgp_userid, CAMEL_CIPHER_HASH_DEFAULT, part, npart, &ex);
camel_object_unref (cipher);
if (camel_exception_is_set (&ex)) {
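Review bot: Passing CAMEL_CIPHER_HASH_DEFAULT to camel_cipher_sign() here only changes behaviour when the camel-gpg-context.c change is also applied; the pre-image of that hunk treats DEFAULT the same as SHA1 ("pgp-sha1"), so against an unpatched evolution-data-server this call is still labelled SHA-1. The dependency between the two patches should be stated, for example as a minimum evolution-data-server version or a comment at this call. The line also leaves the digest choice entirely to gpg's own configuration, which deserves a short comment here, since the earlier replies in the thread asked for a way for the user to choose the hash in Evolution.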