BUG: Signing and encrypting a single space in textmode is broken

Ingo Klöcker ingo.kloecker at epost.de
Sat Apr 20 22:54:01 CEST 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[Please cc me as I'm not subscribed to gnupg-devel.]

Hi,

a KMail user tried to send himself a signed and encrypted message which 
only contains a single space. After decrypting the received message it 
contained some garbage characters and was not signed.

Luckily for me it's no bug in KMail. But it seems to be a bug in GnuPG. 
I can reproduce this bug with GnuPG 1.0.6e-cvs with the following 
command line (0x46967963 is the key id of a test key):
==========
aegypten at erwin:~ > echo -n " " | gpg --armor --sign --encrypt --textmode 
- -u 0x46967963 --set-filename stdin -r 0x46967963 | gpg --decrypt | xxd
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: NOTE: THIS IS A DEVELOPMENT VERSION!
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information

You need a passphrase to unlock the secret key for
user: "Aegypten (test key) <aegypten at test.test>"
1024-bit DSA key, ID 46967963, created 2002-04-20


You need a passphrase to unlock the secret key for
user: "Aegypten (test key) <aegypten at test.test>"
1024-bit ELG-E key, ID 3D046C5C, created 2002-04-20 (main key ID 
46967963)

gpg: encrypted with 1024-bit ELG-E key, ID 3D046C5C, created 2002-04-20
      "Aegypten (test key) <aegypten at test.test>"
0000000: 883f 0305 013c c1be a924 651f c846 9679  .?...<...$e..F.y
0000010: 6311 02e8 c700 9f56 bb65 ab45 e823 682a  c......V.e.E.#h*
0000020: 8eed ecf4 7ec6 4901 fce5 bc00 a08a f6ac  ....~.I.........
0000030: e73c 6ecb 4a6d 6dbf 7f24 3eeb 2204 1aa5  .<n.Jmm..$>."...
0000040: 69                                       i

==========

If I omit the --textmode option the result is

0000000: 20                                        

which is correct.

If I omit the --sign the result (after decryption) is empty. AFAIK this 
is also correct since trailing spaces are removed during textmode 
canonicalization.

Regards,
Ingo

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8wcJLGnR+RTDgudgRAjGBAKC4D6imWP7JemlsxV3QHVP+eu3JDQCgrRSJ
b2ZnI51wZtj4K7R2pANRjdU=
=FFf1
-----END PGP SIGNATURE-----




More information about the Gnupg-devel mailing list