[PATCH] Make update_keysig_packet honour cert-digest-algo

David Shaw dshaw at jabberwocky.com
Tue May 12 15:42:28 CEST 2009

On May 10, 2009, at 11:11 AM, J Cruickshanks wrote:

> Hi there,
> Firstly, I should warn you this is the first set of patches I've
> submitted for any software ever, so please accept my apologies if
> something is out of order.  :)
> With all the recent SHA-1 related news, I decided to test gpg to ensure
> that updated self-signatures used the algorithm specified in
> cert-digest-algo. I discovered that gpg takes the digest algorithm from
> the previous self-signature. This patch allows this behaviour to be
> overridden by using the digest specified by cert-digest-algo. I will be
> honest and say that I haven't read the full PGP specification, so this
> might be against it; feedback on this would be welcome.

I don't think it's against the standard, and I do think the patch does  
what you set out to do, but I have a concern whether this is something  
we want to do in the code.  update_keysig_packet is called for  
expiration changes, backsig additions, setting the primary uid,  
updating preferences and the preferred keyserver, and adding  
notations.  All of these items involve manipulating an existing, and  
presumably working, signature (i.e. the update cases, hence the  
function name).

This patch would mean that when updating these signatures, the  
signature hash may also be changed, as a secondary item.  So if the  
user changes the primary UID flag, they'll get a new cert hash at the  
same time.  This is fine if someone intended to do that, but less fine  
if it happens as an unexpected side-effect of doing something as  
simple as setting the primary UID flag.

We still live in a world where a good percentage of the installed code  
base cannot understand things like SHA256 (and fewer can understand  
SHA512 or 384), so I think this violates the principle of least  
surprise - people should not be able to easily render their keys  
unusable by some percentage of the population without doing that on  
purpose.  (It's actually a bit more complex than this if people are  
using the keyserver net to distribute their keys, but the basic point  
is the same).

So all that said, if the goal is a new self sig, just sign your own  
UID like you'd sign any other UID.  GPG will recognize that it needs  
to make a self-signature, and will properly add the various self-sig  
things like preferences and such.

gpg --cert-digest-algo the-new-algo -u mykey --edit-key mykey
delsig (the old sig)
sign (make the new sig)
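As an added example (not part of this thread or of GnuPG's code), here is the check the original poster describes doing by hand, automated: parse `gpg --with-colons --list-sigs` output and report self-signatures (issuer key ID equal to the primary key ID) that are still made with SHA-1 or MD5. The input is constructed for illustration; the field positions assumed are those documented for gpg's colon format (field 5 issuer key ID, field 11 signature class, field 16 hash algorithm ID as numbered in RFC 4880).

```python
import io

# Hash algorithm IDs as numbered in RFC 4880 section 9.4; gpg prints this
# number in field 16 of each "sig" record when using --with-colons.
HASH_ALGO_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
                   9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASH_ALGOS = {1, 2}  # MD5 and SHA-1 should not appear on fresh self-sigs

# Constructed sample of `gpg --with-colons --list-sigs` output (not real keys):
# one SHA-1 self-certification on the UID, one SHA-1 third-party signature
# (not ours to fix), and a SHA-256 subkey binding self-signature.
SAMPLE_OUTPUT = """\
pub:u:2048:1:ABCDEF0123456789:1240000000:::u:::scESC::::::23::0:
uid:u::::1240000000::0123456789ABCDEF0123456789ABCDEF01234567::Example User <user@example.org>::::::::::0:
sig:::1:ABCDEF0123456789:1240000000::::Example User <user@example.org>:13x::ABCDEF0123456789ABCDEF0123456789ABCDEF01:::2:
sig:::1:0011223344556677:1241000000::::Other Signer <other@example.org>:10x::0011223344556677001122334455667700112233:::2:
sub:u:2048:1:1122334455667788:1240000000::::::e::::::23:
sig:::1:ABCDEF0123456789:1240000000::::Example User <user@example.org>:18x::ABCDEF0123456789ABCDEF0123456789ABCDEF01:::8:
"""


def iter_sig_records(colon_output):
    """Yield (primary_keyid, issuer_keyid, sig_class, hash_algo) for each sig
    record, attributing it to the most recent pub record seen."""
    primary = None
    for line in io.StringIO(colon_output):
        fields = line.rstrip("\n").split(":")
        if fields[0] == "pub":
            primary = fields[4]
        elif fields[0] == "sig" and primary is not None:
            # Older gpg versions omit field 16; treat a missing value as unknown.
            raw = fields[15] if len(fields) > 15 else ""
            hash_algo = int(raw) if raw else None
            yield primary, fields[4], fields[10], hash_algo


def find_weak_selfsigs(colon_output):
    """Return (primary_keyid, sig_class, hash_name) for every self-signature
    whose hash algorithm is in WEAK_HASH_ALGOS."""
    weak = []
    for primary, issuer, sig_class, hash_algo in iter_sig_records(colon_output):
        if issuer == primary and hash_algo in WEAK_HASH_ALGOS:
            weak.append((primary, sig_class, HASH_ALGO_NAMES[hash_algo]))
    return weak


if __name__ == "__main__":
    for keyid, sig_class, name in find_weak_selfsigs(SAMPLE_OUTPUT):
        print(f"key {keyid}: self-sig class {sig_class} still uses {name}")
```

Only self-signatures are reported, since those are the ones the key owner can reissue with the delsig/sign procedure above; signatures made by others are listed but left alone.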
