bad sig with gpg but good sig with pgp5.0i and pgp6.5.8

Ingo Kloecker ingo@mathA.rwth-aachen.de
Tue, 5 Dec 2000 18:14:54 +0100


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday,  5. December 2000 16:57, Jack McKinney wrote:

> Big Brother tells me that Huels, Ralf KSV wrote:
> > > Under Windows, I got a good sig with PGP 6.5.8 and GnuPG 1.0.4.
> >
> > And I got a bad sig with GnuPG 1.0.4. The file seems to have Unix
> > style newlines (0x0A instead of 0x0D0A). I suspect it´s some
> > conversion issue with charset or newline characters.
>
> See the '--textmode' option.
In my original posting I forgot to tell you that I use GnuPG on Linux. gpg --verify --textmode <*the attached file in my original posting* gives the following output: gpg: Signature made Mon 04 Dez 2000 21:54:06 MET using DSA key ID 2D8DD64A gpg: BAD signature from "Michael Haeckel <Michael.Haeckel@stud.uni-bayreuth.de>" The same command line without '--textmode' gives the same output. So the '--textmode' option doesn't seem to be the solution. After some research I found out how the message with the good/bad signature was composed. Because of a bug (or a feature) PGP 5.0i isn't able to clearsign a message if this message contains 8-bit characters (like german umlauts). Therefore the developers of KMail programmed a work around. The message is first signed with a detached signature and then a clearsigned message is composed as follows: "-----BEGIN PGP SIGNED MESSAGE-----\n\n" + unsigned_message + "\n" + detached_signature Now the question is: Why do PGP 5.0i (under Linux), PGP 6.5.8 (under Linux and Windows) and (according to Graham) even GnuPG 1.0.4 (under Windows) accept this message as correctly signed while GnuPG 1.0.4 (under Linux) doesn't accept the signature? There seems to be some weird discrepancy between the Windows and the Linux version of GnuPG. Regards, Ingo - -- Ingo Klöcker Lehrstuhl A für Mathematik RWTH Aachen 52056 Aachen -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE6LSKPqUQWN/hplRsRAndaAKCljbesTedkxBOwitKUEPj7jjuFLACghRsG IL9K9yYf0agkw2GGy75FDYI= =7Woj -----END PGP SIGNATURE----- -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org