PGP pre-2.3 signatures are not supported

David Shaw dshaw at
Wed Nov 19 13:03:53 CET 2003

On Wed, Nov 19, 2003 at 08:15:33PM +0300, at wrote:
> >> I just found an article
> >> news:1992Dec20.102732.11494 at which has "BAD
> >> signature" in GnuPG 1.2.3 and "Good signature" in PGP 6.5.8.
> >> Can you reproduce this problem?
> David Shaw wrote:
> > Yes. Note that the signature was issued by PGP 2.1. The problem is
> > that PGP 2.3 changed the representation of the signature hash to
> > be PKCS compatible.
> Is is possible to report "signature is not
> PKCS compatible" instead of "BAD signature"?

Not easily.  The best that could happen is a message saying "Bad
signature or old signature representation" - without a good amount of
work, there is no way to tell the two apart.  These are all v2
signatures, but unfortunately, some v2s have the >=2.3 format and some
have the <2.3 format.

> > PGP 6.5.8 has code to do this.  GnuPG doesn't.  There isn't really
> > any major technical reason why GnuPG couldn't do this, but PGP 2.1
> > is almost 11 years old (note the date of the signature: December,
> > 1992) and is no longer used.
> But there are still many documents signed by old versions and many
> people expect that valid signatures will be validated as Good.

Backwards compatibility is always a balancing act between complexity,
effort, and how far back to go.  There are even earlier signature
types than PGP 2.1, but we have to stop somewhere.  Why not here?


More information about the Gnupg-devel mailing list