Possible GPG signature-check bug

David Shaw dshaw at jabberwocky.com
Thu Apr 18 22:32:02 CEST 2002

On Thu, Apr 18, 2002 at 01:48:39PM -0500, Larry Ellis wrote:
> Well, as you assumed from the files I sent, the chunk of data that contained
> the multiple signatures was from a timestamping service.  You also were
> correct, in that this block of data was created by sending a signature to
> the timestamping service, which in turn signed the signature and returned
> the resulting block to me.
> I'm not sure exactly what mechanism the service used to create this double
> signature.
> In any case, the questions are:
> 1.  Is there anything inherently wrong with the double signature block (for
> example, does it violate some packet structure convention).

You know - I was about to say it was fine and did not violate the
definition of an OpenPGP message, but I just checked, and I think it
does violate.  In any event, it ideally should be usable even if it
does violate ("be conservative in what you generate, liberal in what
you accept").

> 2. If the answer to 1 is no, whose handling of this is correct?  PGP's or
> GPG's?

I'm not trying to be unhelpful here, but the answer is "both".  No
standard specifies what the "right" thing to do here is, so the two
programs simply chose a different response to seeing two signature
packets in a row.

It would be possible to change GnuPG to act like PGP does, but in
the absence of any specified standard behavior, the question then
arises whether the current behavior is better or not... I suspect that
people who build a file of multiple detached signatures would think
it was a change for the worse. ;)

The standard does specify a signature type for what you are doing (a
notary service signing a signature) - the notary signature (class
0x40).  At the moment, I don't believe any program handles 0x40
signatures yet.  That would be better as the signature class itself
specifies that it is not a detached signature over regular data.

Clearly whatever GnuPG does by default when it sees a file like this,
you still need to be able to verify the signature: in the "tools"
subdirectory of GnuPG there is a program called "gpgsplit".  Run it on
your double signature file and it will break it into two detached
signatures.  You can then verify A against B and B against your text


   David Shaw  |  dshaw at jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
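
The splitting step described in the message above, as an added example that is not part of the original post and is not GnuPG's or gpgsplit's code: it walks the OpenPGP packet headers of a binary (non-armored) block, returns each signature packet separately and reports its signature class, so two class 0x00 signatures in a row can be told apart from a block carrying the class 0x40 signature the message mentions. The function names are hypothetical and the sample bytes are constructed placeholders with no real signature material.

```python
import struct

def split_packets(data: bytes):
    """Yield (tag, body, raw) for each OpenPGP packet in a binary blob."""
    pos = 0
    while pos < len(data):
        start, ctb = pos, data[pos]
        if not ctb & 0x80:
            raise ValueError(f"offset {pos}: not an OpenPGP packet header")
        pos += 1
        if ctb & 0x40:                      # new-format header
            tag = ctb & 0x3F
            first = data[pos]
            if first < 192:                 # one-octet length
                length, pos = first, pos + 1
            elif first < 224:               # two-octet length
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:              # five-octet length
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                length = len(data) - pos    # indeterminate: runs to end of input
            else:
                n = 1 << ltype              # 1, 2 or 4 length octets
                length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if pos + length > len(data):
            raise ValueError(f"offset {start}: packet truncated")
        yield tag, data[pos:pos + length], data[start:pos + length]
        pos += length

def signature_class(body: bytes) -> int:
    """Return the signature type octet of a v3 or v4 signature packet body."""
    offset = {3: 2, 4: 1}.get(body[0])      # v3: after version + length octet
    if offset is None:
        raise ValueError(f"unsupported signature version {body[0]}")
    return body[offset]

def describe(data: bytes):
    """List (packet index, signature class, raw packet) for each signature packet."""
    return [(i, signature_class(body), raw)
            for i, (tag, body, raw) in enumerate(split_packets(data)) if tag == 2]

# Constructed sample: two class 0x00 signature packets back to back, zero-filled.
V3_SIG = b"\x88\x13" + bytes([3, 5, 0x00]) + bytes(16)    # old-format header, v3
V4_SIG = b"\xc2\x0a" + bytes([4, 0x00, 17, 2]) + bytes(6)  # new-format header, v4
SAMPLE = V3_SIG + V4_SIG
```

Each `raw` value returned by `describe` is one complete packet, which is what would be written to its own file before verifying each signature separately.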

More information about the Gnupg-devel mailing list