Cleartext signing with CR character.

alex abc3def at
Tue Feb 4 23:57:42 CET 2014


I am trying to generate a cleartext signed message using BouncyCastle, and
I validate the results using GnuPG. I have a problem with CR (\r) characters.

The data on input

I write such text into cleartext section
    "-----BEGIN PGP SIGNED MESSAGE-----\r\n"
    "Hash: SHA1\r\n"
    "-----BEGIN PGP SIGNATURE-----\r\n"

Then I compute signature from string
and write the remainder of the "PGP SIGNATURE" section...

Then I try to validate result message using
    "gpg2 --verify 01.asc"

but I get this error:
    "BAD signature"

The main question that I have is: "If I ask GnuPG to sign/verify "A\rB"
text, what bytes will it send to the signature generator?"

I have found a function


that seems to be computing the signature for cleartext signed messages. And, if
I've understood the code correctly, there is no difference for GnuPG between
\r or \t or just white space ' '. But when I myself create a message from
"A B", and then validate it using "gpg2", it succeeds, saying "Good signature".

There is a number of tests I've done so far like this:

    assert("Hola\r\n", "Hola");

The first argument is the text as I want it to be written into the cleartext
section (notice that I explicitly specify the last CRLF before "BEGIN PGP

The second argument specifies the data *as is* to compute the signature
from. I.e. there is no normalization done for this argument. I specify
exactly what is to be used for signature generation.

The "assert" function takes those arguments, generates a cleartext signed
message (with the help of BouncyCastle), and then asks "gpg2" to verify

Here are my results:

    assert("A\r\n", "A"); // OK
    assert("A\nB\r\n", "A\r\nB"); // OK
    assert("A\r\r\r\r\n", "A"); // OK
    assert("A\r\r\r\nB\r\n", "A\r\nB"); // OK

    assertClearSign(null, "A\tB\r\n", "A\tB"); // OK

    assert("A\rB\r\n", "A\rB"); // BAD
    assert("A\rB\r\n", "A\r\nB"); // BAD
    assert("A\rB\r\n", "A\nB"); // BAD
    assert("A\rB\r\n", "AB"); // BAD
    assert("A\rB\r\n", "A B"); // BAD

So I've done a bunch of tests trying to figure out how to compute the signature
from "A\rB" but no luck...

Can you explain how GnuPG works with "\r" chars in text?

BTW, my version is:

    gpg (GnuPG) 2.0.20 (Gpg4win 2.1.1)
    libgcrypt 1.5.2
    Copyright (C) 2013 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: C:/Users/Sasha/AppData/Roaming/gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2

- Alex
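
The canonicalization rules of RFC 4880 section 7.1 (canonical CRLF line endings, trailing spaces and tabs removed, the line ending before the signature armor not signed, dash-escaping undone), modelled as an added example that is not part of the original post and is not GnuPG's or BouncyCastle's code. Treating a CR in front of LF as trailing whitespace is an assumption chosen to reproduce the post's OK rows; `signed_bytes`, `POST_ROWS` and `unexplained_rows` are names made up here.

```python
# Added example: a model of RFC 4880 section 7.1 canonicalization.
# It is not GnuPG's or BouncyCastle's code.

# RFC 4880 names space and tab as trailing whitespace. Treating CR the same
# way is this model's assumption, chosen to match the OK rows in the post.
TRAILING = b" \t\r"


def signed_bytes(body: bytes) -> bytes:
    """Bytes the model hashes for a cleartext body.

    body is the text between the blank line after the "Hash:" header and
    the "-----BEGIN PGP SIGNATURE-----" line, final line ending included.
    """
    lines = body.split(b"\n")
    if lines and lines[-1] == b"":
        lines.pop()  # the line ending before the signature armor is not signed
    canonical = []
    for line in lines:
        if line.startswith(b"- "):
            line = line[2:]  # undo dash-escaping
        canonical.append(line.rstrip(TRAILING))
    return b"\r\n".join(canonical)  # canonical CRLF between lines


# Rows copied from the post: (cleartext body, bytes signed, gpg2 verdict).
POST_ROWS = [
    (b"A\r\n", b"A", "OK"),
    (b"A\nB\r\n", b"A\r\nB", "OK"),
    (b"A\r\r\r\r\n", b"A", "OK"),
    (b"A\r\r\r\nB\r\n", b"A\r\nB", "OK"),
    (b"A\tB\r\n", b"A\tB", "OK"),
    (b"A\rB\r\n", b"A\rB", "BAD"),
    (b"A\rB\r\n", b"A\r\nB", "BAD"),
    (b"A\rB\r\n", b"A\nB", "BAD"),
    (b"A\rB\r\n", b"AB", "BAD"),
    (b"A\rB\r\n", b"A B", "BAD"),
]


def unexplained_rows():
    """Rows where the model and the reported gpg2 verdict disagree."""
    return [
        (body, signed)
        for body, signed, verdict in POST_ROWS
        if (signed_bytes(body) == signed) != (verdict == "OK")
    ]
```

The model reproduces all five OK rows. The only row it cannot account for is the CR inside a line signed as "A\rB", which is the case the post asks about.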

More information about the Gnupg-devel mailing list