Possible GPG signature-check bug

Werner Koch wk at gnupg.org
Thu Apr 18 22:21:01 CEST 2002

On Thu, 18 Apr 2002 13:48:39 -0500, Larry Ellis said:

> 1.  Is there anything inherently wrong with the double signature block (for
> example, does it violate some packet structure convention).

Yes, the grammar is like this (rfc2440):

   Signed Message :- Signature Packet, OpenPGP Message |
               One-Pass Signed Message.

But you have 

    YouMessage :-  Signature Packet, Signature Packet

which is not possible because

   OpenPGP Message :- Encrypted Message | Signed Message |
                      Compressed Message | Literal Message.

so it turns out that a Signed Message eventually leads to an
encrypted, compressed or literal message - all of these message don't
have an empty body.  

It can be debated whether a detached signature may contain several
signature packets; the wording is not clear.

> 2. If the answer to 1 is no, whose handling of this is correct?  PGP's or
> GPG's?

PGP 2 handles this wrong.

Given that the sematics of a timestamping signature are not well
defined, it would be best for a time stamping service to create a
deatched signature on your detached signature.


More information about the Gnupg-devel mailing list