GnuPG and trailing whitespace handling

Russ Allbery rra at stanford.edu
Tue Feb 9 02:39:31 CET 1999


Background:  I've just mostly finished modifying my PGP::Sign module to
support GnuPG as well as PGP.  In the process, I discovered an interesting
incompatibility.  Could the experts here check over the following
description and make sure it's accurate?  Since this is going into module
documentation, I want to make sure first that I'm not mistaken.

I'm assuming that the GnuPG developers already know about this; if not,
consider this a report.  The main GnuPG-relevant content starts with the
second paragraph; the first is included just so that it's clear what mode
of processing I'm discussing (text only).

=head1 BUGS

PGP::Sign does not currently work with binary data, as it unconditionally
forces text mode in PGP by using the C<-t> option.  This is a high
priority to fix, but I'd like to implement some sort of generic way of
setting PGP options rather than just adding more entry points.

There are some serious and annoying hidden incompatibilities and
undocumented "features" of different implementations of PGP that make
implementing something like PGP::Sign considerably more complex than it
ought to be, and which are responsible for at least one thing in this
implementation that I consider a bug.

PGP, both the 2.6.2 implementation and the 5.0 implementation, behaves
differently when generating attached signatures than when generating
detached signatures.  For attached signatures, trailing whitespace in
lines of the data is not significant, but for detached signatures it is.
This, combined with the fact that there's no way that I can see to get PGP
to verify a detached signature without using files on disk, means that in
order to maintain the intended default semantics of this module
(manipulating detached signatures), I had to use temporary files in the
implementation of pgp_verify().  PGP::Sign sets its umask before creating
those temporary files and checks for race conditions, but files may be
left behind in the event that an application using pgp_verify() crashes
unexpectedly.

Also, because of this incompatibility, you need to be aware of what the
process checking the signatures you generate is expecting.  If that
process is going to turn your signature into an attached signature for
verification (as pgpverify does for Usenet control messages), then you
need to pre-munge your data to remove trailing whitespace at the ends of
lines before feeding it to PGP.  PGP::Sign will do that for you if you set
$PGP::Sign::MUNGE to a true value.

To add even more confusion to the mix, GnuPG takes the much saner but
incompatible approach of always stripping whitespace regardless of whether
the signature is attached or detached.  This means that if you're
generating a signature with PGP that you want to be verifiable with GnuPG,
you need to always set $PGP::Sign::MUNGE, and there is no way to generate
a detached signature of text data with trailing whitespace using GnuPG
that will verify with PGP, or to generate a detached signature of text
data with trailing whitespace that will verify as such with both PGP and
GnuPG.

(It's possible that I may have missed documentation somewhere that
resolves some of this conflict; if so, corrections are very much welcome.)

-- 
Russ Allbery (rra at stanford.edu)         <URL:http://www.eyrie.org/~eagle/>
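
The mismatch described in the message above, as an added example that is not part of the original post and is not PGP::Sign code: it models the bytes a text-mode signature covers under a "strip trailing whitespace" rule and a "whitespace is significant" rule, and shows that pre-munging makes both rules agree. Assumptions: trailing whitespace means spaces and tabs, line endings are canonicalized to CRLF, SHA-256 stands in for the signature digest, and all function names and the sample text are constructed for illustration.

```python
import hashlib

def _lines(text: str) -> list[str]:
    """Split into lines after normalizing CRLF to LF."""
    return text.replace("\r\n", "\n").split("\n")

def munge(text: str) -> str:
    """Pre-munge step: drop trailing spaces and tabs from every line."""
    return "\n".join(line.rstrip(" \t") for line in _lines(text))

def signed_bytes(text: str, strip_trailing: bool) -> bytes:
    """Model of the byte stream a text-mode signature is computed over.

    strip_trailing=True  models an implementation that ignores trailing
                         whitespace; False models one that treats it as
                         significant.
    """
    lines = _lines(text)
    if strip_trailing:
        lines = [line.rstrip(" \t") for line in lines]
    return "\r\n".join(lines).encode("utf-8")

def digest(text: str, strip_trailing: bool) -> str:
    """Digest over the modelled signed bytes (SHA-256 as a stand-in)."""
    return hashlib.sha256(signed_bytes(text, strip_trailing)).hexdigest()

def verifies_everywhere(text: str) -> bool:
    """True when both whitespace rules hash identical bytes."""
    return digest(text, True) == digest(text, False)

def lines_at_risk(text: str) -> list[int]:
    """1-based numbers of lines carrying trailing spaces or tabs."""
    return [n for n, line in enumerate(_lines(text), 1)
            if line != line.rstrip(" \t")]

# Constructed sample: lines 1 and 2 end in a space and a tab respectively.
SAMPLE = "newgroup example.test \nApproved: admin@example.test\t\nbody line\n"

if __name__ == "__main__":
    print("lines with trailing whitespace:", lines_at_risk(SAMPLE))
    print("raw text portable:   ", verifies_everywhere(SAMPLE))
    print("munged text portable:", verifies_everywhere(munge(SAMPLE)))
```

Running `lines_at_risk()` over data before signing shows whether the signature can only be verified by implementations that share the signer's whitespace rule.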



