clearsign end-of-file/end-of-line

brian moore bem at
Sun Nov 29 18:45:45 CET 1998

Okay, I finally tracked down the problem. :)

OpenPGP requires end-of-line to be \r\n (as in DOS and CP/M) when
computing signatures as well as escaping lines that start with a -
by sneaking in a space after them to break quoted signatures from being
parsed.  This is done in sign.c in write_dash_escaped.

This function is -only- used for clearsigned stuff.  (MIME is basically
detached sigs, with the ugliness of MIME handling the breaks between
body and signature.)

The problem is that:  gpg --clearsign test will fail if the file ends
with a blank line.  Well, not fail, really: it verifies fine and dandy
with both PGP5 and GPG, but the last blank line is removed.  There's
also an ugly side effect that you should have a blank line after your
.signature or it will cram the PGP SIG right next to your .signature and
look ugly.

In short, it was dropping the last \r\n from a file (and since these are
magically converted from \n on input, it would strip the ending \n of a
typical Unix file.)

The fix is to deal with the state machine in write_dash_escape: if the
file ends with a \r\n[EOF], then state = 2, but the \r\n hasn't been
added to the SIG.  I inserted at sign.c, line 513:

    if( state == 2 ) {  /* file ended with a new line */
        md_putc(md, '\r');
        md_putc(md, '\n');
        iobuf_put( out, '\n');

Which throws the two characters into the the digest (they've already
been output), and then adds a blank line, since the final blank line is
discarded according to OpenPGP (and verified with PGP5 and GPG).

I probably -should- output \r\n instead of \n, but I dislike seeing ^M
all over my screen, and OpenPGP requires the \n to be converted to \r\n
when verifying anyway.

Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster

More information about the Gnupg-devel mailing list