NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: bin/46930 (netpgpverify reports right signatures as invalid)

Synopsis: netpgpverify reports right signatures as invalid

State-Changed-From-To: open->analyzed
State-Changed-When: Thu, 04 Oct 2012 20:58:34 +0000
i analysed the pr - thanks for that!

root cause is that gpg, when it signs an ascii armored signature, does
some unusual things (from some perspective anyway) to the input data.

each line in the input text (except the last one) has the line ending
modified to a DOS (\r\n) one. The last line does not get any terminating
character sequence whatsoever. The digest is then taken over that data,
along with the usual hashed data from the signing key, and the length
trailer. so it's not enough to calculate the data on the input data,
the hashed data and then the trailer, it must be modified in place.

found by using the --debug-all switch to gpg, and analysing the dbgmd files

Home | Main Index | Thread Index | Old Index