WARNING: signature digest conflict in message ?

David Shaw dshaw at jabberwocky.com
Thu Sep 25 22:19:00 CEST 2008


On Thu, Sep 25, 2008 at 08:17:25PM +0100, Brian Candler wrote:
> On Thu, Sep 25, 2008 at 04:03:47PM +0200, Matija Nalis wrote:
> > That is indeed very reasonable (I didn't think of big non-seekable
> > stream and was hoping for 2-pass or buffer) and obviously the right
> > way to do it, not to mention conforming to RFC.
> > 
> > (although as alternative it might also sequentially generate all
> > supported hashes as it goes, and then drop the unneeded ones; but
> > this would also be an inexcusable waste of resources)
> 
> I wonder if in principle another option would be to take the clearsigned
> message, reformat it as message plus detached signature, and then process
> that. (This could be done in one pass, and then the actual verification
> would be a second pass)

This theoretically could be done, but there are some corner cases due
to end of line handling between the clearsigned format and the
detached format.  Basically:

>     clearsigned message <-------> message + detached signature

This is possible.

>     signed message <------------> message + detached signature

This isn't always possible without the signed message having
particular end of line restrictions.

David
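
The clearsigned-to-detached direction discussed above, as an added example that is not part of the original post or of GnuPG's code: it recovers the text the signature covers under the RFC 4880 cleartext rules (dash-escaping undone, trailing spaces and tabs stripped, CRLF line endings, no final line ending) together with the signature armor. The function name and the sample message are constructed for illustration, and the signature body is a placeholder, not a real signature.

```python
BEGIN_MSG = b"-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = b"-----BEGIN PGP SIGNATURE-----"
END_SIG = b"-----END PGP SIGNATURE-----"

# Constructed sample: CRLF input, trailing blanks, two dash-escaped lines.
SAMPLE = (BEGIN_MSG + b"\r\nHash: SHA1\r\n\r\n"
          b"hello  \t\r\n"
          b"- -- \r\n"
          b"- From here\r\n"
          + BEGIN_SIG + b"\r\n\r\nPLACEHOLDER\r\n" + END_SIG + b"\r\n")

def split_clearsigned(data):
    """Return (signed_text, armored_signature, hash_names) for one clearsigned block."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")  # accept LF or CRLF input
    i = lines.index(BEGIN_MSG) + 1  # ValueError if there is no clearsigned block
    hashes = []
    # Armor headers run up to the first empty line; this example accepts only "Hash".
    while i < len(lines) and lines[i] != b"":
        name, sep, value = lines[i].partition(b":")
        if not sep or name != b"Hash":
            raise ValueError("unexpected armor header: %r" % lines[i])
        hashes += [h.strip().decode("ascii") for h in value.split(b",")]
        i += 1
    i += 1  # skip the empty separator line
    end_body = lines.index(BEGIN_SIG, i)      # ValueError if the armor is missing
    end_sig = lines.index(END_SIG, end_body)
    body = []
    for line in lines[i:end_body]:
        if line.startswith(b"- "):
            line = line[2:]  # undo dash-escaping
        elif line.startswith(b"-"):
            raise ValueError("line starting with '-' is not dash-escaped")
        body.append(line.rstrip(b" \t"))  # trailing blanks are not signed
    # Canonical CRLF between lines; the line ending just before the
    # signature armor is not part of the signed text.
    signed = b"\r\n".join(body)
    signature = b"\n".join(lines[end_body:end_sig + 1]) + b"\n"
    return signed, signature, hashes
```

The same signed bytes come out whether the input used LF or CRLF, which is why this direction does not depend on how the clearsigned file was stored.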


