From cruicky at cruicky.co.uk Sun May 10 00:10:10 2009 From: cruicky at cruicky.co.uk (J Cruickshanks) Date: Sat, 09 May 2009 23:10:10 +0100 Subject: [PATCH] Make update_keysig_packet honour cert-digest-algo Message-ID: <4A05FF42.7040502@cruicky.co.uk> Hi there, Firstly, I should warn you this is the first set of patches I've submitted for any software ever, so please accept my apologies if something is out of order. :) With all the recent SHA-1 related news, I decided to test gpg to ensure that updated self-signatures used the algorithm specified in cert-digest-algo. I discovered that gpg takes the digest algorithm from the previous self-signature. This patch allows this behaviour to be overridden by using the digest specified by cert-digest-algo. I will be honest and say that I haven't read the full PGP specification, so this might be against it so feedback on this would be welcome. I have included 2 patches, one against 1.4.9 for people still using 1.4.9 who wish to patch, and a patch against the current SVN. Both patches have been tested to the point that they produce valid signatures using an RSA key that can be checked with --check-sigs. The patches were applied to the current source packages of gnupg and gnupg2 in Ubuntu Intrepid. I welcome your feedback on these patches. Regards J Cruickshanks -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: update_keysig_packet.diff URL: -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: update_keysig_packet_svn.diff URL: From cruicky at cruicky.co.uk Sun May 10 17:09:02 2009 From: cruicky at cruicky.co.uk (J Cruickshanks) Date: Sun, 10 May 2009 16:09:02 +0100 Subject: [PATCH] Make update_keysig_packet honour cert-digest-algo In-Reply-To: <4A05FF42.7040502@cruicky.co.uk> References: <4A05FF42.7040502@cruicky.co.uk> Message-ID: <4A06EE0E.8080101@cruicky.co.uk> Apologies, I appear to have sent this to the wrong list. J Cruickshanks wrote: > Hi there, > > Firstly, I should warn you this is the first set of patches I've > submitted for any software ever, so please accept my apologies if > something is out of order. :) > > With all the recent SHA-1 related news, I decided to test gpg to ensure > that updated self-signatures used the algorithm specified in > cert-digest-algo. I discovered that gpg takes the digest algorithm from > the previous self-signature. This patch allows this behaviour to be > overridden by using the digest specified by cert-digest-algo. I will be > honest and say that I haven't read the full PGP specification, so this > might be against it so feedback on this would be welcome. > > I have included 2 patches, one against 1.4.9 for people still using > 1.4.9 who wish to patch, and a patch against the current SVN. Both > patches have been tested to the point that they produce valid signatures > using an RSA key that can be checked with --check-sigs. The patches were > applied to the current source packages of gnupg and gnupg2 in Ubuntu > Intrepid. > > I welcome your feedback on these patches. > > Regards > J Cruickshanks > > > ------------------------------------------------------------------------ > > _______________________________________________ > Gcrypt-devel mailing list > Gcrypt-devel at gnupg.org > http://lists.gnupg.org/mailman/listinfo/gcrypt-devel From o.finnendahl at mh-freiburg.de Thu May 28 22:42:30 2009 From: o.finnendahl at mh-freiburg.de (Orm Finnendahl) Date: Thu, 28 May 2009 22:42:30 +0200 Subject: format of encrypted data in sexpr Message-ID: <20090528204230.GA6488@varese> Hi, I'm encoding a file in chunks of 128 Bytes (1024 bit rsa with public/private key encryption) and everything seems to work well. The gcry_sexp_sprint function below sometimes returns a hex string (enclosed with hashmarks) and sometimes a string (enclosed in double quotes) in some random order for reasons not immediately obvious to me. Is there a way to specify (force) one of the two formats (I'd much prefer the hex string to the regular string)? Here is the relevant part of the code I'm using: sprintf(buf, "(data (flags raw) (value %s))", hexstring); err = gcry_sexp_build (&sexp, NULL, buf); err = gcry_pk_encrypt (&decr, sexp, pkey); gcry_sexp_sprint (decr, GCRYSEXP_FMT_ADVANCED, buf, MAXLENGTH); extract_a_from_sexp (decr, decryptstr); As I said, everything works. It's just a little tedious to deal with the string representation (especially as it sometimes contains escaped characters, like hex values or newlines etc.). Thanks, Orm