Use SHA1 w/DSA signing

horde · Apr 15, 2015 · 5c6b801 · 5c6b801
1 parent 82b236e
commit 5c6b801
Showing 1 changed file with 6 additions and 5 deletions.
diff --git a/framework/Pgp/lib/Horde/Pgp/Backend/Openpgp.php b/framework/Pgp/lib/Horde/Pgp/Backend/Openpgp.php
@@ -360,8 +360,9 @@ public function sign($text, $key, $mode)
             break;
 
         case 17:
-            // DSA
-            $sig = new OpenPGP_SignaturePacket($text, 'DSA', 'SHA256');
+            // DSA; use SHA1 since that is what it was designed for (at least
+            // with DSS profile)
+            $sig = new OpenPGP_SignaturePacket($text, 'DSA', 'SHA1');
             $sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket(
                 substr($pkey->fingerprint, -16)
             );
@@ -370,8 +371,8 @@ public function sign($text, $key, $mode)
 
             $sig->sign_data(array(
                 'DSA' => array(
-                    'SHA256' => function ($data) use ($dsa) {
-                        return $dsa->sign($data, 'SHA256');
+                    'SHA1' => function ($data) use ($dsa) {
+                        return $dsa->sign($data, 'SHA1');
                     }
                 )
             ));
@@ -385,7 +386,7 @@ public function sign($text, $key, $mode)
             $sm = new Horde_Pgp_Element_SignedMessage(
                 new OpenPGP_Message(array($result[1], $result[0]))
             );
-            $sm->headers['Hash'] = 'SHA256';
+            $sm->headers['Hash'] = 'SHA1';
             return $sm;
 
         case 'detach':