PGP/MIME implementors: text mode vs. binary mode? (from: hal@finney.org)
Russ Allbery
rra at stanford.edu
Fri Feb 16 01:55:03 CET 2001

Marco d'Itri <md at Linux.IT> writes:
> On Feb 14, Werner Koch <wk at gnupg.org> wrote:
>> The real question is whether to hash trailing whitespace or not. One
>> way to help decide this is to look at how existing implementations do
>> it.
> I remember a long discussion about that in the documentation for the
> PGP::Sign perl module.

This is the information I finally ended up with, written for GnuPG 1.0.1:

PGP, both the 2.6.2 implementation and the 5.0 implementation, behaves
differently when generating attached signatures than when generating
detached signatures. For attached signatures, trailing whitespace in
lines of the data is not significant, but for detached signatures it is.
This, combined with the fact that there's no way that I can see to get
PGP to verify a detached signature without using files on disk, means
that in order to maintain the intended default semantics of this module
(manipulating detached signatures), I had to use temporary files in the
implementation of pgp_verify(). PGP::Sign sets its umask before creating
those temporary files and checks for race conditions, but files may be
left behind in the event that an application using pgp_verify() crashes
unexpectedly.

Also, because of this incompatibility, you need to be aware of what the
process checking the signatures you generate is expecting. If that
process is going to turn your signature into an attached signature for
verification (as pgpverify does for Usenet control messages), then you
need to pre-munge your data to remove trailing whitespace at the ends of
lines before feeding it to PGP. PGP::Sign will do that for you if you
set $PGP::Sign::MUNGE to a true value.

To add even more confusion to the mix, RFC 2440 specifies that text-mode
signatures are performed against data with canonicalized line endings
and with trailing whitespace removed (see section 5.2.1), and GnuPG
follows RFC 2440 in this regard. There is no difference specified there
between attached and detached signatures, and GnuPG treats them both the
same. This means that if you're generating a signature with PGP 5.0 that
you want to be verifiable with GnuPG, you need to set $PGP::Sign::MUNGE,
and there is no way to generate a detached signature of text data with
trailing whitespace using GnuPG that will verify with PGP 5.0, or to
generate a detached signature of text data with trailing whitespace that
will verify as such with both PGP 5.0 and GnuPG.

(It's possible that I may have missed documentation somewhere that
resolves some of this conflict; if so, corrections are very much
welcome.)

and from the test suite:

# 9 (check signature of munged data against unmunged data w/o MUNGE)
# Whether this signature verifies under GnuPG depends on the version of
# GnuPG; GnuPG 1.0.2 verifies it, while GnuPG 1.0.1 doesn't. Earlier
# versions do verify it. This is a disagreement over how to handle
# trailing whitespace when verifying signatures.
if ($PGP::Sign::PGPSTYLE eq 'GPG') {
    print "ok 9 # skip\n";
} else {
    $signer = pgp_verify ($signature, $version, @munged);
    print 'not ' if ($signer ne '' || PGP::Sign::pgp_error);
    print "ok 9\n";
}

--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
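
Added example, not part of the original post and not PGP::Sign or GnuPG code: a Python sketch that builds the document bytes covered by a text-mode signature under the two rules the post contrasts (trailing whitespace stripped versus significant) and flags the lines on which two verifiers would disagree. All function names are hypothetical; it assumes "trailing whitespace" means spaces and tabs and that line endings become CRLF under both rules, and it uses SHA-256 only to compare the two inputs.

```python
import hashlib
import re

_EOL = re.compile(rb"\r\n|\r|\n")
_BLANKS = b" \t"  # assumption: "trailing whitespace" means spaces and tabs

def hash_input(data: bytes, strip_trailing: bool) -> bytes:
    """Return the document bytes a text-mode signature would cover.

    Line endings become CRLF under both rules (assumption).
    strip_trailing=True also drops trailing blanks, the RFC 2440
    section 5.2.1 rule as the post describes it; False keeps them.
    """
    lines = _EOL.split(data)
    if strip_trailing:
        lines = [line.rstrip(_BLANKS) for line in lines]
    return b"\r\n".join(lines)

def digest(data: bytes, strip_trailing: bool) -> str:
    # Digest of the document portion only; a real signature hashes more
    # than this, but the document bytes are where the two rules diverge.
    return hashlib.sha256(hash_input(data, strip_trailing)).hexdigest()

def munge(data: bytes) -> bytes:
    """Pre-munge as the post describes: remove trailing blanks from each
    line, leaving the original line endings untouched."""
    return re.sub(rb"[ \t]+(?=\r\n|\r|\n|\Z)", b"", data)

def lines_at_risk(data: bytes) -> list:
    """1-based numbers of lines whose bytes differ between the two rules."""
    return [n for n, line in enumerate(_EOL.split(data), 1)
            if line != line.rstrip(_BLANKS)]

def verifiers_agree(data: bytes) -> bool:
    """True when both rules hash the same bytes for this document."""
    return digest(data, True) == digest(data, False)

# Constructed sample: trailing space on line 1, trailing tab on line 2.
SAMPLE = b"Subject: test \nbody line\t\r\nlast line\n"

if __name__ == "__main__":
    print("lines at risk:", lines_at_risk(SAMPLE))
    print("agree before munge:", verifiers_agree(SAMPLE))
    print("agree after munge:", verifiers_agree(munge(SAMPLE)))
```

Running `lines_at_risk` over data before signing shows which lines must be munged for the signature to cover the same bytes under either rule.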