files with different md5, but signature checks out ok?
Werner Koch
wk@gnupg.org
Fri Dec 21 18:58:01 2001
On Mon, 19 Nov 2001 12:08:06 -0200, Andreas Hasenack said:
> So, gpg seems to be ignoring these termination issues. How does it know
> this is a text file? How can it be sure?
This is per OpenPGP. If you create a message in --textmode (OpenPGP
signature class 0x01) lineendings are transformed to CR,LF before
calcualting the signature.
The only way to tell this is by looking at the signature packet using
gpg --list-packets and waching out for sigclass:
:signature packet: algo 17, keyid 2253B29A66643A0C
version 3, created 1006176662, md5len 5, sigclass 01
digest algo 2, begin of digest 47 33
data: [158 bits]
data: [155 bits]
> This raises another question for me. Some MTAs mangle the messages, converting
> them to/from 8bit, for example, and other things. This can potentially corrupt
> signed messages, right? Or do some MTAs check things like content-type or
Yes. This is the reason for --textmode but it has a couple of other
problems. So the suggested solution is to use PGP/MIME (rfc3156)
which has all the required provisions.
IMHO, all this content modification stuff does not belong into the
OpenPGP layer. However it is there fore historical reasons.
Werner
--
Werner Koch Omnis enim res, quae dando non deficit, dum habetur
g10 Code GmbH et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions -- Augustinus