Bug 218721 - Kmail always sets micalg=pgp-sha1 in gpg header
Summary: Kmail always sets micalg=pgp-sha1 in gpg header
Status: RESOLVED DUPLICATE of bug 128784
Alias: None
Product: kmail
Classification: Unmaintained
Component: encryption (show other bugs)
Version: unspecified
Platform: Ubuntu Linux
: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-12-14 22:46 UTC by Joke de Buhr
Modified: 2010-03-05 08:36 UTC (History)
3 users (show)

See Also:
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Joke de Buhr 2009-12-14 22:46:44 UTC 
Version:            (using KDE 4.3.4)
Compiler:          gcc (Ubuntu 4.4.1-4ubuntu8) 4.4.1 
OS:                Linux
Installed from:    Ubuntu Packages

Regardless of the hash setting of gpg Kmail always sets "gpg-sha1" within the header.

Content-Type: multipart/signed;
  boundary="nextPart4603336.7ndxo9qD1E";
  protocol="application/pgp-signature";
  micalg=pgp-sha1

Setting within ~/.gnupg/gpg.conf:
  personal-digest-preferences SHA512
gpg uses sha512 as digest algorithm. Kmail should therefore specify micalg=gpg-sha512 within the header.

By using the wrong hash setting Kmail breaks signature verification within Thunderbird's Enigmail extension.
Comment 1 Martin Albrecht 2010-01-03 12:01:57 UTC 
FWIW: I can confirm this bug.
Comment 2 Hauke Lathus 2010-03-05 01:42:53 UTC 
I can also confirm this (using KMail 1.12.4 with KDE 4.3.4 on Debian).

There has been quite a rush (or call it a meme) to move from SHA-1 to other hashes because of the many advances towards cracking SHA-1. It is actually a drawback for security when choosing a better hash results in the hash not being checked at all be the recipient due to a bug on the sender (KMail) side.
Comment 3 Thomas McGuire 2010-03-05 08:36:23 UTC 

*** This bug has been marked as a duplicate of bug 128784 ***