TAB at EOL (GPG and PGP interoperability)

David Shaw dshaw@jabberwocky.com
Wed Jan 15 17:32:02 2003


On Wed, Jan 15, 2003 at 08:07:04AM -0800, vedaal@hush.com wrote:
> 
> 
> >Message: 8
> >From: Ingo =?iso-8859-1?q?Kl=F6cker?= <ingo.kloecker@epost.de>
> >To: gnupg-users@gnupg.org
> >Subject: Re: TAB at EOL (GPG and PGP interoperability)
> >Date: Wed, 15 Jan 2003 02:01:02 +0100
> ..
> >Huh?
> >
> >If I run
> >
> >> echo "1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 
> >1234=20
> >6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 
> >1234=20
> >6789 1234 6789 1234 6789 1234 6789 1234 6789" | gpg --clearsign
> >
> >then this will result in a single (not wrapped) clearsigned line. 
> >How do=20
> >you make gpg wrap lines?
> ..
> 
> you are right.
> sorry  :(
> 
> was using the front ends for gnupg to sign, 
> and both win pt and gpgshell wrap at position 64 by default
> 
> checking it in the command line with just the --clearsign command produced no wrapping.
> 


> but i still don't understand something:
> 
> if the plaintext line ends in a 'tab' and is clearsigned by gnupg,
> the signature will be 'bad' if the 'tab' is deleted from the end of
> the line in the clearsigned text, so is gnupg calculating the 'tab'
> in the hash, even if it is at the end of a line,

It doesn't.  If you delete the tab at the end of the line, the
signature should still validate correctly.  However: if you are using
a v3 RSA key, GnuPG guesses you want to be compatible with PGP 2.x, so
it includes the tab.  Using the --openpgp flag makes this strictly
RFC-2440, so it will not include the tab.

> and if it is, then
> why not have both gnupg and pgp agree to calculate it in the same
> way?

They should both calculate it the same way.  The standard says that
the way GnuPG does it is right, which makes what PGP is doing wrong.
I have a good bit of sympathy for the PGP developers here.  This is a
problem they've had for a long time, and it's very difficult to fix
without breaking backwards compatibility.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson