Possible clearsign problem
wk at gnupg.org
Wed Sep 15 09:38:13 CEST 1999
Bob Luckin <bob at dal.asp.ti.com> writes:
> I have installed GPG 1.0 on an HP-UX 10.20 system, and been playing with it.
> (I used HP's ANSI C compiler and --disable-dynload to build it; I couldn't
> get it to work with dynamic loading.)
Ohh, I thought that I add support for shl_load() or whatever these
functions are called. I probabyl check it the next time I have access
to such a machine (and some spare time).
> I've seen a couple of issues when clearsigning text :-
Ohh, once I thought all the problems are now fixed :-)
> So the question is whether GPG or PGP 5.0 is compliant with the RFC ?
Guess my answer ;-)
> If GPG is compliant, then it still has a problem with case (b), because it
> adds a newline when signing and then does not remove it subsequently. (Yet
> it must add a newline, because the '-----BEGIN PGP SIGNATURE-----' must be
> on a line of it's own, yes ?)
I had a lot of trouble with this issue and I now believe that the
current code does it best regarding compatibilty to PGP 5 and PGP 2.
It is not a perfect solution.
> Either way, it would be a good idea to modify the RFC to make it clear which
> of the two cases applies :-
> i) A newline is supposed to be added and subsequently removed
This is the far easiest way to define it. However, PGP 2 and 5 don't
work this way. I will throw that into the OpenPGP discussion.
> ii) The cleartext is to be unchanged, but the final newline is to be gnored
> purely for the purposes of calculating the signature. (In which case
I think that is what we are doing.
> you need to specify how to cope with the case when the cleartext does not
> end in a newline.)
Or what to do with a message of size 0 (someone complained about
Anyway, clearsigned text is supposed to be used for reading by humans
and not my machines. Such a message does not change it's sense by
adding blank lines or trailing spaces (what is another problem with
the PGP implemenations - gpg calculates two different hashs to cope
with this in some cases)
Werner Koch at guug.de www.gnupg.org keyid 621CC013
More information about the Gnupg-devel