NetBSD-Bugs archive


Re: bin/46930 (netpgpverify reports right signatures as invalid)



Synopsis: netpgpverify reports right signatures as invalid

State-Changed-From-To: open->analyzed
State-Changed-By: agc%NetBSD.org@localhost
State-Changed-When: Thu, 04 Oct 2012 20:58:34 +0000
State-Changed-Why:
i analysed the pr - thanks for that!

root cause is that gpg, when it signs an ascii armored signature, does
some unusual things (from some perspective anyway) to the input data.

each line in the input text (except the last one) has the line ending
modified to a DOS (\r\n) one. The last line does not get any terminating
character sequence whatsoever. The digest is then taken over that data,
along with the usual hashed data from the signing key, and the length
trailer. so it's not enough to calculate the data on the input data,
the hashed data and then the trailer, it must be modified in place.

found by using the --debug-all switch to gpg, and analysing the dbgmd files
produced.
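
The digest input described in the message above, as an added example that is not part of the original message and is not netpgpverify or gpg code. It covers only the line-ending handling described there; the function names, the sample text and the sample hashed signature bytes are constructed, and the trailer layout assumes a version 4 signature as specified in RFC 4880.

```python
import hashlib
import struct

def canonicalize_cleartext(text: bytes) -> bytes:
    """Rewrite line endings the way the message describes: every line
    except the last ends in \\r\\n, the last line has no terminator."""
    # bytes.splitlines() splits on \n, \r\n and \r and drops the terminators,
    # so the join below puts \r\n between lines and nothing after the last.
    return b"\r\n".join(text.splitlines())

def v4_trailer(hashed_sig_data: bytes) -> bytes:
    """Length trailer for a v4 signature (assumption: RFC 4880 layout):
    0x04, 0xFF, then the 4-byte big-endian length of the hashed data."""
    return b"\x04\xff" + struct.pack(">I", len(hashed_sig_data))

def signature_digest(text: bytes, hashed_sig_data: bytes,
                     hash_name: str = "sha256") -> str:
    """Digest over canonicalized text, then hashed signature data, then trailer."""
    h = hashlib.new(hash_name)
    h.update(canonicalize_cleartext(text))
    h.update(hashed_sig_data)
    h.update(v4_trailer(hashed_sig_data))
    return h.hexdigest()

def naive_digest(text: bytes, hashed_sig_data: bytes,
                 hash_name: str = "sha256") -> str:
    """Same digest but over the text exactly as it sits on disk.
    This is the calculation the message says is not enough."""
    h = hashlib.new(hash_name)
    h.update(text)
    h.update(hashed_sig_data)
    h.update(v4_trailer(hashed_sig_data))
    return h.hexdigest()

# Constructed sample input: two Unix-terminated lines of signed text.
SAMPLE_TEXT = b"line one\nline two\n"

# Constructed sample of the hashed part of a v4 signature packet:
# version 4, type 0x01 (text), pubkey algo 1, hash algo 8,
# 2-byte hashed subpacket length (6), one creation-time subpacket.
SAMPLE_HASHED = bytes.fromhex("04010108" "0006" "050250000000")

if __name__ == "__main__":
    print("canonical text :", canonicalize_cleartext(SAMPLE_TEXT))
    print("canonical hash :", signature_digest(SAMPLE_TEXT, SAMPLE_HASHED))
    print("naive hash     :", naive_digest(SAMPLE_TEXT, SAMPLE_HASHED))
```
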




