1.07 and v3 rsa signatures

Len Sassaman rabbi@quickie.net
Thu May 2 01:00:02 2002


The bug occurs when a gpg user encrypts, and *signs* using a v3 key. PGP
isn't able to verify the signature, and bails before giving the plaintext.

This was reported June 24th, 2000 on the gnupg-devel list. See the
original post for more info:

http://lists.gnupg.org/pipermail/gnupg-devel/2000-June/005190.html

Message-ID: <Pine.BSF.4.21.0006240329020.7562-100000@mesozoic.net>

(and kudos to Werner and David for getting this fixed.)

On Wed, 1 May 2002, Leigh S. Jones, KR6X wrote:

> I find this odd -- the original message suggests that if gpg1.0.6 encrypts
> using a v3 rsa key that pgp couldn't  decrypt.  The short message below
> decrypted fine (before my mail tool added >'s) with PGP7.03, but
> gpg107 can't handle it -- reporting "no data" (using WinPT 5.5 and
> clipboard).
>
> ----- Original Message -----
> From: "vedaal" <vedaal@hotmail.com>
> To: <gnupg-users@gnupg.org>
> Sent: Wednesday, May 01, 2002 10:59
> Subject: 1.07 and v3 rsa signatures
>
>
> > messages that were encrypted to any key, but signed with an rsa v3 key in
> > 1.06, were not verifiable by any pgp version
> > {it acted as a 'detached signature}
> >
> > this appears to be fixed in 1.07
> >
> > below is an armored signed message from 1.07 using a v3 rsa key
> >
> > -----BEGIN PGP MESSAGE-----
> > Version: GnuPG v1.0.7 (MingW32)
> > Comment: Acts of Kindness better the World, and protect the Soul
> >
> > owGbwMvMwMyYxbpge6tBrirjmsYkTkMD8xJDvZKKEpsLqucSi3Lzi1JTFIoz0/OA
> > VElqcQkvF5RTnlmSoVBmrFBUnKiQnVqpoKGQnpqXWpRYApTLzFMoSC9QSCktysxL
> > VyjJSFVwzUlJLVJwSaws1uTlKi0GCRvqGZgrpBXl5yr4lebkZKZV8nLxcnUyijKz
> > MoDshruKWfsEB0PbPeGc27ee3D7pdfk8/+FIp+3fVa+UnW1dcn9TiLGxJOOLF/X9
> > sZmTknOmN/E2P2Rmqym5WqK85/7r8mWvT5++9rFZ4+w+29/fXIPNaiTmHJ7cY7ff
> > Y1m0R3+x3p/Nfjctoq+dUs3Mn7ZY59LVpcYn1kfvcXx+31ZjcSf/JY+Fv5bL/ent
> > /+MsNI2nI7kuep4Zo8mixM8RwrPlpz6oYD6x2V5na/2//B92y7LP1R9ru7Xi2bly
> > DdU36tKTNTI1tNc/uq6WdDXGr+HlWutI3UdrrFkNO1PU5/JnctbEm+Z1sF35bJQ2
> > dbImv1fX9Idtu++97v4w8d7tTKGGxuRtyvGOtQpeaf/eqcx7n/mj6iUA
> > =yxo6
> > -----END PGP MESSAGE-----
> >
> > is this for all 1.07,
> > or just for the Nullify compilation that includes a switch for v3 rsa
> > generation?
> >
> > tia,
> > vedaal
> >
> >
> >
> > _______________________________________________
> > Gnupg-users mailing list
> > Gnupg-users@gnupg.org
> > http://lists.gnupg.org/mailman/listinfo/gnupg-users
> >
>
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
>

--Len.