signing keyblock (was: CNN)

Werner Koch wk at isil.d.shuttle.de
Sun Jan 17 14:08:14 CET 1999


Fabio Coatti <cova at felix.unife.it> writes:

> I'll try to build one. Actually the one I have is a message encrypted
> for me and it requires my secret key for exploiting.

Please yes. It is much easier for me to fix a bug when I have a good
testcase.

> I also think that there is a problem with dash-escaping (CVS 13/01/98, 
> not the latest): If I export an ascii-armored pub key and then I
> sign the file (for example, I've exported a key, added some comments
> in the same file and then signed the file), gpg can check the
> signature but is unable to import the key. 

I don't think so.  The clearsigned text with the public key signs the
key and has to dash-escape the armor lines of the keyblock - therefore
gpg does not know that there is a keyblock inside the message.  

There is no need to sign a keyblock.  If you want to import the
keyblock you have to run gpg twice.  I know this problem and I
considered adding some special code to handle this - it is not good to
do so as this is only one case and there are thousands of other
possibilities how OpenPGP messages might be nested.

Suggestion: Attach the keyblock to the mail and sign only your
comment (using MIME of course).

[Thomas?:]
BTW, for what does MIME need the MIC algorithm?  Is it expected that
a mailer calculates the hash and passes this to the signature
verification program - should GnuPG have an option to do so?


  Werner
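
Added example (not part of the original message and not GnuPG code): a small Python model of the OpenPGP cleartext dash-escaping rule, showing why an armor scanner sees no keyblock inside a clearsigned message until the signed text has been extracted in a first pass. The helper names, the sample body and the placeholder key and signature data are all constructed for illustration.

```python
import re

# An armor header only counts when it starts at column 0 of a line.
ARMOR_BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----$")

def dash_escape(text):
    """Cleartext rule: every line starting with '-' gets a '- ' prefix."""
    return "\n".join("- " + l if l.startswith("-") else l
                     for l in text.split("\n"))

def dash_unescape(text):
    """Reverse the rule: strip a leading '- ' from each line."""
    return "\n".join(l[2:] if l.startswith("- ") else l
                     for l in text.split("\n"))

def armor_types(text):
    """Armor block types visible to a scanner looking at line starts."""
    return [m.group(1) for l in text.split("\n")
            if (m := ARMOR_BEGIN.match(l))]

def clearsign_frame(body):
    """Constructed clearsign framing; the signature is a placeholder."""
    return "\n".join([
        "-----BEGIN PGP SIGNED MESSAGE-----",
        "Hash: SHA1",
        "",
        dash_escape(body),
        "-----BEGIN PGP SIGNATURE-----",
        "",
        "(placeholder, not a real signature)",
        "-----END PGP SIGNATURE-----",
    ])

def signed_body(message):
    """First pass: recover the signed text (what verification outputs)."""
    lines = message.split("\n")
    start = lines.index("") + 1              # blank line ends the headers
    end = lines.index("-----BEGIN PGP SIGNATURE-----")
    return dash_unescape("\n".join(lines[start:end]))

# Constructed sample: a comment followed by an exported (placeholder) key.
BODY = "\n".join([
    "Here is my key, with a comment.",
    "-----BEGIN PGP PUBLIC KEY BLOCK-----",
    "",
    "(placeholder key data)",
    "-----END PGP PUBLIC KEY BLOCK-----",
])
MESSAGE = clearsign_frame(BODY)

if __name__ == "__main__":
    print(armor_types(MESSAGE))               # keyblock is hidden
    print(armor_types(signed_body(MESSAGE)))  # visible after first pass
```

The second pass (importing the key) has to run on the output of the first, since only there do the keyblock's armor lines start at column 0 again.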




