GnuPG can't verify its own clearsign-ature

Kevin.Christian at lsil.com
Thu Sep 16 18:23:32 CEST 1999


Solaris 2.5, GnuPG 1.0.0 (All checks PASS)

This could potentially be a pilot error, in which case I'd be most 
grateful if someone can point out the error of my ways. However, in
case it is not, there may be a 1.0 bug to fix.

Mailer problems have led me to some experimentation with clear signing and
it seems I can't (properly) clear sign with SHA1, TIGER or RIPEMD160 as 
digest methods. Basically what I'm doing is:

gpg --no-options --load-extension tiger --load-extension idea --load-extension rsa --digest-algo XXX --clearsign -o dummy.pgp msg.txt

where XXX is one of: md5, sha1, ripemd160 or tiger.  Then, I follow with:

gpg --no-options --load-extension tiger --load-extension idea --load-extension rsa --verify dummy.pgp

For each clearsign call I supply the right pass phrase and indicate that I 
want dummy.pgp to be overwritten. Since it probably matters, the key used for
signing is RSA.

The surprising (at least to me) result is that the verify only works when
an md5 digest is used while signing. For all other digest methods the
verify step claims I have a bad signature. If I --sign instead of --clearsign
the signature validates just fine. Using --verbose didn't produce additional
clues. Using --debug-all resulted in signal 11 failures.

Feel free to send me any questions/ideas.

Kevin
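
Added example, not part of the original post and not GnuPG code: one check that helps narrow down a report like this is to compare the digest named in the clearsigned file's "Hash:" armor header with the digest id stored in the signature packet, since RFC 2440 has the verifier assume MD5 when no "Hash:" header is present. The post does not show dummy.pgp, so whether this applies here is an assumption; the helper names and the sample message (built by sample(), with a dummy signature that cannot verify) are constructed for illustration.

```python
import base64

# Digest ids and "Hash:" armor names as assigned in RFC 2440.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 6: "TIGER192"}
SIGNED, SIG = "-----BEGIN PGP SIGNED MESSAGE-----", "-----BEGIN PGP SIGNATURE-----"

def declared_hashes(text):
    """Names from the 'Hash:' armor headers; RFC 2440 assumes MD5 when absent."""
    names = []
    for line in text.split(SIGNED, 1)[1].splitlines()[1:]:
        if not line.strip():              # blank line ends the armor headers
            break
        if line.startswith("Hash:"):
            names += [n.strip().upper() for n in line[5:].split(",")]
    return names or ["MD5"]

def signature_hash(text):
    """Name of the digest recorded in the first v3/v4 signature packet."""
    lines = text.split(SIG, 1)[1].splitlines()[1:]
    body = lines[lines.index("") + 1:]    # skip armor headers such as Version:
    b64 = "".join(l for l in body if l and l[0] not in "=-")  # drop CRC and END lines
    pkt = base64.b64decode(b64)
    if pkt[0] & 0x40:                     # new-format packet header
        hdr = 2 if pkt[1] < 192 else 3 if pkt[1] < 224 else 6
    else:                                 # old format: low two bits give length size
        hdr = 1 + (1, 2, 4, 0)[pkt[0] & 3]
    sig = pkt[hdr:]
    algo = sig[16] if sig[0] == 3 else sig[3]   # v3 vs v4 field position
    return HASH_NAMES.get(algo, "id %d" % algo)

def check(text):
    """True when the signature's digest is among the declared Hash: names."""
    return signature_hash(text) in declared_hashes(text)

def sample(hash_header, algo_id):
    """Constructed message with a dummy (unverifiable) v3 RSA signature packet."""
    sig = (bytes([3, 5, 1]) + bytes(4) + bytes(8)      # version, len, type, time, key id
           + bytes([1, algo_id]) + bytes(2) + b"\x00\x08\xff")
    pkt = bytes([0x89, 0, len(sig)]) + sig             # old-format tag 2, 2-byte length
    hdr = "Hash: %s\n" % hash_header if hash_header else ""
    return "%s\n%s\nhello\n%s\nVersion: constructed\n\n%s\n-----END PGP SIGNATURE-----\n" % (
        SIGNED, hdr, SIG, base64.b64encode(pkt).decode())

if __name__ == "__main__":
    for name, algo in (("SHA1", 2), (None, 1), (None, 2)):
        t = sample(name, algo)
        print(declared_hashes(t), signature_hash(t), "consistent" if check(t) else "MISMATCH")
```

To use it on a real file, pass the contents of the clearsigned output to check(); a mismatch means the verifier would hash the text with a different digest than the signer used.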



