GnuPG and trailing whitespace handling

Bodo Moeller Bodo_Moeller at
Sun Mar 7 03:21:00 CET 1999

ulf at (Ulf Möller):

>>>    0x01: Signature of a canonical text document.
>>>          Typically, this means the signer owns it, created it, or
>>>          certifies that it has not been modified.  The signature is
>>>          calculated over the text data with its line endings converted
>>>          to <CR><LF> and trailing blanks removed.

>> I can verify that PGP 2.6.2 and PGP 5.0 do *not* do this for detached
>> signatures.

> I reported that on the OpenPGP list before RFC 2440 was issued, but
> for some reason the RFC authors ignored my post.

> In PGP, trailing whitespace is removed as part of the clearsig
> encoding [...]

Not true.  Trailing blanks (tabs are treated as ordinary characters)
are ignored as far as signatures are concerned, but they remain in the
output data (tested with PGP 2.6.3i).  (Those blanks just waste
storage space or bandwidth, because anyone can remove them without
invalidating the signature, but PGP behaves that way.)

PGP's canonicalization procedure, which is used for all text-mode
signatures, can operate in two modes: One that removes trailing blanks
(as RFC 2440 demands ist) and one that does not.  The mode that
removes trailing blanks is employed only in the clearsig case.

When creating text-mode signatures, OpenPGP implementations that want
to be compatible with PGP should remove any trailing blanks (they are
not protected by the signature, so why keep them).  This is not
possible for detached signatures, but for detached signatures it
usually makes more sense to use binary mode, anyway.  (For example,
RFC 2015 [PGP-MIME] has its own canonicalization: Messages must be
encoded in CRLF format, as RFC 822 specifies it.)

When verifying text-mode signatures, OpenPGP implementations may have 
to resort to PGP's half-canonicalization in some cases -- if the
signature is false (according to RFC 2440's rules), and it's not a
cleartext signed message, and a trailing blank was detected, then a
second pass using PGP's verification method can be worthwile.

More information about the Gnupg-devel mailing list