bad sig with gpg but good sig with pgp5.0i and pgp6.5.8

Ingo Kloecker ingo@mathA.rwth-aachen.de
Tue, 5 Dec 2000 18:14:54 +0100 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday,  5. December 2000 16:57, Jack McKinney wrote:

> Big Brother tells me that Huels, Ralf KSV wrote:

> > > Under Windows, I got a good sig with PGP 6.5.8 and GnuPG 1.0.4.

> >

> > And I got a bad sig with GnuPG 1.0.4. The file seems to have Unix

> > style newlines (0x0A instead of 0x0D0A). I suspect it´s some

> > conversion issue with charset or newline characters.

>

>     See the '--textmode' option.


In my original posting I forgot to tell you that I use GnuPG on Linux.

gpg --verify --textmode <*the attached file in my original posting*
gives the following output:

gpg: Signature made Mon 04 Dez 2000 21:54:06 MET using DSA key ID 
2D8DD64A
gpg: BAD signature from "Michael Haeckel 
<Michael.Haeckel@stud.uni-bayreuth.de>"

The same command line without '--textmode' gives the same output.
So the '--textmode' option doesn't seem to be the solution.

After some research I found out how the message with the good/bad
signature was composed.
Because of a bug (or a feature) PGP 5.0i isn't able to clearsign a
message if this message contains 8-bit characters (like german
umlauts). Therefore the developers of KMail programmed a work around.
The message is first signed with a detached signature and then a
clearsigned message is composed as follows:
"-----BEGIN PGP SIGNED MESSAGE-----\n\n" + unsigned_message + "\n" + 
detached_signature

Now the question is:
Why do PGP 5.0i (under Linux), PGP 6.5.8 (under Linux and Windows) and
(according to Graham) even GnuPG 1.0.4 (under Windows) accept this
message as correctly signed while GnuPG 1.0.4 (under Linux) doesn't
accept the signature?
There seems to be some weird discrepancy between the Windows and the
Linux version of GnuPG.

Regards,
Ingo

- -- 
Ingo Klöcker
Lehrstuhl A für Mathematik
RWTH Aachen
52056 Aachen
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE6LSKPqUQWN/hplRsRAndaAKCljbesTedkxBOwitKUEPj7jjuFLACghRsG
IL9K9yYf0agkw2GGy75FDYI=
=7Woj
-----END PGP SIGNATURE-----

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org