bug: can't sign zero-length data

John Kane jkane89@softhome.net
Sun Apr 21 09:18:01 2002

mm> echo -n ' ' | gpg --armor --sign --encrypt --textmode \
mm> -u 0xdeadbeef --set-filename stdin -r 0xdeadbeef |gpg --decrypt

You're right.  I get the same behavior using gpg 1.0.6-2 + WinXP,
with a file consisting of one or more space characters and no
trailing CRLF or non-whitespace characters.  The problem goes
away if I drop textmode and do -sea instead of -seat, but then
it comes back again if I feed a zero-length empty file to gpg.

The hash and signature don't properly verify when the plaintext
gets canonicalized to the equivalent of zero-bytes-long.

Instead of 'Good signature...', I get only 'encrypted with...'
and 65 bytes of binary garbage to stdout.  In fact, I think
the sig packet might be getting parsed as bogus ciphertext
instead of being recognized as a signature.

Original 1.0.6 gives 72 garbage bytes instead of 65.  (?)

"You're only as original as the obscurity of your sources."
   -- Picasso