Signature verification problem

Werner Koch
Wed Jul 31 21:20:04 2002

On Wed, 31 Jul 2002 14:19:16 -0400, David Shaw said:

> I imagine it works on PGP because of "be conservative in what you
> generate and liberal in what you accept" and so PGP double-checks the
> claimed hash against the actual signature data in some manner.

Easy for PGP because it works on the entire file.  GnuPG can't do that
becuase it is really happy if you feed it with a 5 gig clearssigned
message - the signature (with the information on what hash to use)
comes at the end.

One way to work around this would be to setup another hash context and
calculate a SHA-1 hash along with the MD5 one.  However I am reluctant
to do this because gpg already has to setup more than one hash context
to cope with other PGP 2 things.

> It could be (and should be) argued that GnuPG should do the same here,
> but nevertheless this is a bug in CryptoEx.

CryptoEx claims to be OpenPGP compatible but there is some evidence
that it is only a minimal enhanced PGP thingy.