Possible bug when decrypting CryptoEx data?

David Shaw dshaw at jabberwocky.com
Wed Jul 30 15:54:01 CEST 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Jul 28, 2003 at 07:45:53PM +0200, Holger Sesterhenn wrote:
> Hi,
> 
> (using GnuPG 1.2.2, linux)
> 
> I have done some research on my problems decrypting mails which are created
> by CryptoEx 2.1.11.1 (see message in gnupg-users last week).
> 
> These files are signed and encrypted and look a little bit different from
> the files created by GnuPG:

Yes.  CryptoEx seems to be creating SIG+COMPRESSED(LITERAL), while old
PGP creates COMPRESSED(SIG+LITERAL). GnuPG and new PGP creates
COMPRESSED(ONEPASS+LITERAL+SIG), but can understand the old PGP
format.

I took a quick look at 2440, and while no program other than CryptoEx
creates that packet sequence, it does not seem to be illegal - just
unusual.

> It is obvious that CryptoEx seems to violate RFC2440 by creating cleartext
> signed messages with no 'Hash:' line and using SHA1 instead of MD5. GnuPG
> emits an error message but PGP verfies these messages OK! Maybe time for
> another flag (--CryptoEx)?

Ugh ;)  I guess a --cryptoex could enable a SHA1 context when there is
no Hash: header, but even that might not do it.  We'd have to run a
context for every possible hash since there is no way to know which
hash CryptoEx used.

The Hash: problem does violate 2440.  This has been a problem for a
long time now (at least a year).  I wish they'd fix it already.
CryptoEx has another problem besides this: it will try to encrypt to
RSA sign-only keys.

David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc

iEYEARECAAYFAj8nwDsACgkQ4mZch0nhy8mnFgCdF5/KTQsRpOU2Pvq5Ksml29BQ
dO8AoLbsnXnqfazSFCwWMIvXOxaQ+Wdt
=WohA
-----END PGP SIGNATURE-----




More information about the Gnupg-devel mailing list