Signature on article is BAD in GnuPG and Good in PGP

David Shaw dshaw at jabberwocky.com
Wed Nov 19 11:45:54 CET 2003


On Tue, Nov 18, 2003 at 06:02:55PM +0300, ls+gnupg.devel.gnupg.org at gambit.com.ru wrote:
> Dear developers!
> 
> I just found an article news:1992Dec20.102732.11494 at extropia.wimsey.bc.ca
> which has "BAD signature" in GnuPG 1.2.3 and "Good signature" in PGP 6.5.8.
> 
> Can you reproduce this problem?

Yes.  Note that the signature was issued by PGP 2.1.

The problem is that PGP 2.3 changed the representation of the
signature hash to be PKCS compatible.  This means that any signatures
issued by pre-v2.3 versions are not compatible with anything that came
later unless that program has special compatibility code to verify the
old-format sigs.

PGP 6.5.8 has code to do this.  GnuPG doesn't.  There isn't really any
major technical reason why GnuPG couldn't do this, but PGP 2.1 is
almost 11 years old (note the date of the signature: December, 1992)
and is no longer used.

As things stand now, GnuPG is compatible back to PGP 2.3 (June, 1993).
I suspect there isn't much point in adding the complexity to go even
further back in time.

Neat problem, though.  It's not every day that something like this
crops up.

David
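
The format change described in the reply above, as an added example that is not part of the original message and not GnuPG or PGP code. It assumes the two MD5 block layouts documented in RFC 1991 (they are not given in this thread); the function names and the `accept_legacy` switch are hypothetical, and the sample digest is constructed.

```python
import hashlib

# DER DigestInfo prefix for MD5 (18 bytes), as used by PKCS #1 v1.5.
MD5_ASN1 = bytes.fromhex("3020300c06082a864886f70d020505000410")

def encode_pkcs1(md: bytes, k: int) -> bytes:
    """PGP 2.3+ layout (assumed from RFC 1991): 00 01 FF..FF 00 ASN(18) MD(16)."""
    return b"\x00\x01" + b"\xff" * (k - 37) + b"\x00" + MD5_ASN1 + md

def encode_pre23(md: bytes, k: int) -> bytes:
    """PGP <= 2.2 layout (assumed from RFC 1991): 00 01 MD(16) 00 FF..FF 01."""
    return b"\x00\x01" + md + b"\x00" + b"\xff" * (k - 20) + b"\x01"

def classify(m: int, k: int):
    """Classify m = s^e mod n for a k-byte modulus.

    Returns (layout, md5_digest), or ("unknown", None) if neither layout fits.
    """
    try:
        em = m.to_bytes(k, "big")
    except OverflowError:
        return "unknown", None
    # 45 bytes is the smallest block that holds 8 bytes of PKCS padding.
    if k < 45 or em[:2] != b"\x00\x01":
        return "unknown", None
    sep = k - 35  # index of the 00 separator in the PKCS layout
    if (em[2:sep] == b"\xff" * (sep - 2) and em[sep] == 0
            and em[sep + 1:sep + 19] == MD5_ASN1):
        return "pkcs1-v1.5", em[-16:]
    if em[18] == 0 and em[19:-1] == b"\xff" * (k - 20) and em[-1] == 1:
        return "pre-2.3", em[2:18]
    return "unknown", None

def verify(m: int, k: int, expected_md: bytes, accept_legacy: bool) -> bool:
    """Accept the PKCS layout always, the pre-2.3 layout only on request."""
    layout, md = classify(m, k)
    allowed = {"pkcs1-v1.5"} | ({"pre-2.3"} if accept_legacy else set())
    return layout in allowed and md == expected_md

if __name__ == "__main__":
    k = 128  # 1024-bit modulus, constructed for the demo
    md = hashlib.md5(b"constructed sample article text").digest()
    old = int.from_bytes(encode_pre23(md, k), "big")
    print(classify(old, k)[0])
    print("without compatibility code:", verify(old, k, md, accept_legacy=False))
    print("with compatibility code:   ", verify(old, k, md, accept_legacy=True))
```

The same digest fails a PKCS-only check and passes once the old layout is recognised, which matches the BAD/Good split reported in the thread.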


