Clearsigned text / OpenPGP interop
Rachel Willmer
rwillmer at gmail.com
Mon Dec 10 15:50:15 CET 2007
Hi
I wonder if someone could point me in the right direction.
I'm using GPG to generate a clearsigned text message (V4 sig, SHA1
hash) which I'd like to validate using OpenPGP::SDK. The test is
currently failing, and I'm a bit confused about what GPG is actually
hashing.
In the GPG function hash_sigversion_to_magic(), it's hashing the
signature sub-packet as I'd expect, but then at the end of the
function, there's this:
<code>
/* add some magic */
buf[0] = sig->version;
buf[1] = 0xff;
buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
buf[3] = n >> 16;
buf[4] = n >> 8;
buf[5] = n;
md_write (md, buf, 6);
</code>
I can't figure how this matches up to the OpenPGP spec.
So if anyone can help with the following questions, I'd appreciate it:
a) Am I just missing something obvious in the RFC? If so, please point me at it!
b) Or, do I need to do something special to make gpg generate
OpenPGP-compliant packets? (I'm using --openpgp but is there something
else?)
c) or is gpg just not intended to be openpgp-compliant for V4 sigs?
thanks for any light you can shed,
Rachel
More information about the Gnupg-devel
mailing list