Possible bug when decrypting CryptoEx data?

David Shaw dshaw at jabberwocky.com
Wed Jul 30 15:54:01 CEST 2003

Hash: SHA1

On Mon, Jul 28, 2003 at 07:45:53PM +0200, Holger Sesterhenn wrote:
> Hi,
> (using GnuPG 1.2.2, linux)
> I have done some research on my problems decrypting mails which are created
> by CryptoEx (see message in gnupg-users last week).
> These files are signed and encrypted and look a little bit different from
> the files created by GnuPG:

Yes.  CryptoEx seems to be creating SIG+COMPRESSED(LITERAL), while old
PGP creates COMPRESSED(SIG+LITERAL). GnuPG and new PGP creates
COMPRESSED(ONEPASS+LITERAL+SIG), but can understand the old PGP

I took a quick look at 2440, and while no program other than CryptoEx
creates that packet sequence, it does not seem to be illegal - just

> It is obvious that CryptoEx seems to violate RFC2440 by creating cleartext
> signed messages with no 'Hash:' line and using SHA1 instead of MD5. GnuPG
> emits an error message but PGP verfies these messages OK! Maybe time for
> another flag (--CryptoEx)?

Ugh ;)  I guess a --cryptoex could enable a SHA1 context when there is
no Hash: header, but even that might not do it.  We'd have to run a
context for every possible hash since there is no way to know which
hash CryptoEx used.

The Hash: problem does violate 2440.  This has been a problem for a
long time now (at least a year).  I wish they'd fix it already.
CryptoEx has another problem besides this: it will try to encrypt to
RSA sign-only keys.

Version: GnuPG v1.2.3rc1 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc


More information about the Gnupg-devel mailing list