Bug 218721

Summary: Kmail always sets micalg=pgp-sha1 in gpg header
Product: [Applications] kmail Reporter: Joke de Buhr <joke.de.buhr>
Component: encryption Assignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED DUPLICATE    
Severity: normal CC: hauke, martinralbrecht, nobled
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: Version Fixed In:

Description Joke de Buhr 2009-12-14 22:46:44 UTC
Version:            (using KDE 4.3.4)
Compiler:          gcc (Ubuntu 4.4.1-4ubuntu8) 4.4.1 
OS:                Linux
Installed from:    Ubuntu Packages

Regardless of the hash setting of gpg, KMail always sets "gpg-sha1" within the header.

Content-Type: multipart/signed;
  boundary="nextPart4603336.7ndxo9qD1E";
  protocol="application/pgp-signature";
  micalg=pgp-sha1

Setting within ~/.gnupg/gpg.conf:
  personal-digest-preferences SHA512
gpg uses sha512 as digest algorithm. Kmail should therefore specify micalg=gpg-sha512 within the header.

By using the wrong hash setting Kmail breaks signature verification within Thunderbird's Enigmail extension.
Comment 1 Martin Albrecht 2010-01-03 12:01:57 UTC
FWIW: I can confirm this bug.
Comment 2 Hauke Lathus 2010-03-05 01:42:53 UTC
I can also confirm this (using KMail 1.12.4 with KDE 4.3.4 on Debian).

There has been quite a rush (or call it a meme) to move from SHA-1 to other hashes because of the many advances towards cracking SHA-1. It is actually a drawback for security when choosing a better hash results in the hash not being checked at all by the recipient due to a bug on the sender (KMail) side.
Comment 3 Thomas McGuire 2010-03-05 08:36:23 UTC

*** This bug has been marked as a duplicate of bug 128784 ***
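
An added example, not part of the bug report and not KMail or Enigmail code: a Python check that compares the micalg parameter declared in a multipart/signed header with the hash algorithm ID stored in the OpenPGP signature packet itself, which is the mismatch described above. The sample message and its truncated signature packet are constructed, and all function names (dearmor, signature_hash_id, check_micalg, build_sample) are hypothetical.

```python
import base64
from email import message_from_string

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4) mapped to micalg tokens.
HASH_TO_MICALG = {1: "pgp-md5", 2: "pgp-sha1", 3: "pgp-ripemd160", 8: "pgp-sha256",
                  9: "pgp-sha384", 10: "pgp-sha512", 11: "pgp-sha224"}

def dearmor(text):
    """Return the binary packets inside an ASCII-armored block."""
    lines = [l.strip() for l in text.strip().splitlines()]
    body = lines[lines.index("") + 1:-1]   # drop armor headers and END line
    return base64.b64decode("".join(l for l in body if not l.startswith("=")))

def signature_hash_id(packet):
    """Read the hash algorithm octet from a leading signature packet (tag 2)."""
    tag = packet[0]
    if not tag & 0x80:
        raise ValueError("not an OpenPGP packet")
    if tag & 0x40:                         # new-format header
        number, first = tag & 0x3F, packet[1]
        if 224 <= first < 255:
            raise ValueError("partial length is invalid for signatures")
        off = 2 if first < 192 else 3 if first < 224 else 6
    else:                                  # old-format header
        number, off = (tag >> 2) & 0x0F, 1 + (1, 2, 4, 0)[tag & 0x03]
    if number != 2:
        raise ValueError("first packet is not a signature")
    body = packet[off:]
    if body[0] == 4:                       # v4: version, type, pubkey alg, hash alg
        return body[3]
    if body[0] == 3:                       # v3: hash alg follows time, key ID, pubkey alg
        return body[16]
    raise ValueError("unsupported signature version")

def check_micalg(raw_message):
    """Return (declared micalg, micalg implied by the signature, match?)."""
    msg = message_from_string(raw_message)
    declared = (msg.get_param("micalg") or "").lower()
    armored = msg.get_payload()[1].get_payload()
    actual = HASH_TO_MICALG.get(signature_hash_id(dearmor(armored)))
    return declared, actual, declared == actual

def build_sample(micalg, hash_id):
    """Constructed message with a truncated v4 signature packet (RSA, hash_id)."""
    pkt = bytes([0x88, 0x04, 0x04, 0x00, 0x01, hash_id])
    armor = ("-----BEGIN PGP SIGNATURE-----\n\n" + base64.b64encode(pkt).decode()
             + "\n-----END PGP SIGNATURE-----\n")
    return ('Content-Type: multipart/signed; boundary="b1";\n'
            '  protocol="application/pgp-signature"; micalg=%s\n\n'
            "--b1\nContent-Type: text/plain\n\nhello\n"
            "--b1\nContent-Type: application/pgp-signature\n\n%s--b1--\n"
            % (micalg, armor))
```

Calling check_micalg(build_sample("pgp-sha1", 10)) reproduces the reported situation: the header declares pgp-sha1 while the signature packet carries the SHA512 algorithm ID.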