Clearsigned text / OpenPGP interop

Mon Dec 10 16:01:36 CET 2007

On Mon, Dec 10, 2007 at 02:50:15PM +0000, Rachel Willmer wrote:
> Hi
> 
> I wonder if someone could point me in the right direction.
> 
> I'm using GPG to generate a clearsigned text message (V4 sig, SHA1
> hash) which I'd like to validate using OpenPGP::SDK. The test is
> currently failing, and I'm a bit confused about what GPG is actually
> hashing.
> 
> In the GPG function hash_sigversion_to_magic(), it's hashing the
> signature sub-packet as I'd expect, but then at the end of the
> function, there's this:
> 
> <code>
>        /* add some magic */
>        buf[0] = sig->version;
>        buf[1] = 0xff;
>        buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
>        buf[3] = n >> 16;
>        buf[4] = n >>  8;
>        buf[5] = n;
>        md_write (md, buf, 6);
> </code>
> 
> I can't figure how this matches up to the OpenPGP spec.
> 
> So if anyone can help with the following questions, I'd appreciate it:
> 
> a) Am I just missing something obvious in the RFC? If so, please
> point me at it!

The above magic comes from section 5.2.4 in RFC-4880.  Specifically:

   V4 signatures also hash in a final trailer of six octets: the
   version of the Signature packet, i.e., 0x04; 0xFF; and a
   four-octet, big-endian number that is the length of the hashed data
   from the Signature packet (note that this number does not include
   these final six octets).

> b) Or, do I need to do something special to make gpg generate
> OpenPGP-compliant packets? (I'm using --openpgp but is there something
> else?)

Nothing special.  You have to go pretty far out of your way to make
GPG violate OpenPGP, and it usually complains about doing it.

David