Optimization-dependent behavior with GnuPG 1.4.19 and GCC 5
gniibe at fsij.org
Thu Oct 1 09:19:19 CEST 2015
On 10/01/2015 02:41 PM, Kevin Locke wrote:
> Any idea if sig->unhashed being NULL is easily avoidable when creating
> signed documents as a workaround for users with affected versions
> already in the wild?
I don't think we have an easy way.
Fortunately, GnuPG itself doesn't produce such a signature.
Dumping the signature packet of the file (InRelease) by pgpgdump,
New: Signature Packet(tag 2)(284 bytes)
Ver 4 - new
Sig type - Signature of a canonical text document(0x01).
Pub alg - RSA Encrypt or Sign(pub 1)
Hash alg - SHA256(hash 8)
Hashed Sub: signature creation time(sub 2)(4 bytes)
Time - Thu Oct 1 14:06:24 JST 2015
Hashed Sub: issuer key ID(sub 16)(8 bytes)
Key ID - 0x3746C208A7317B0F
Hash left 2 bytes - d5 16
RSA m^d mod n(2048 bits) - ...
Here, issuer key ID is hashed (and we don't have unhashed packet).
GnuPG puts issuer key ID to unhashed packet.
More information about the Gnupg-devel