TAB at EOL (GPG and PGP interoperability)
David Shaw
dshaw@jabberwocky.com
Wed Jan 15 17:32:02 2003
On Wed, Jan 15, 2003 at 08:07:04AM -0800, vedaal@hush.com wrote:
>
>
> >Message: 8
> >From: Ingo =?iso-8859-1?q?Kl=F6cker?= <ingo.kloecker@epost.de>
> >To: gnupg-users@gnupg.org
> >Subject: Re: TAB at EOL (GPG and PGP interoperability)
> >Date: Wed, 15 Jan 2003 02:01:02 +0100
> ..
> >Huh?
> >
> >If I run
> >
> >> echo "1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789
> >1234=20
> >6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789 1234 6789
> >1234=20
> >6789 1234 6789 1234 6789 1234 6789 1234 6789" | gpg --clearsign
> >
> >then this will result in a single (not wrapped) clearsigned line.
> >How do=20
> >you make gpg wrap lines?
> ..
>
> you are right.
> sorry :(
>
> was using the front ends for gnupg to sign,
> and both win pt and gpgshell wrap at position 64 by default
>
> checking it in the command line with just the --clearsign command produced no wrapping.
>
> but i still don't understand something:
>
> if the plaintext line ends in a 'tab' and is clearsigned by gnupg,
> the signature will be 'bad' if the 'tab' is deleted from the end of
> the line in the clearsigned text, so is gnupg calculating the 'tab'
> in the hash, even if it is at the end of a line,
It doesn't. If you delete the tab at the end of the line, the
signature should still validate correctly. However: if you are using
a v3 RSA key, GnuPG guesses you want to be compatible with PGP 2.x, so
it includes the tab. Using the --openpgp flag makes this strictly
RFC-2440, so it will not include the tab.
> and if it is, then
> why not have both gnupg and pgp agree to calculate it in the same
> way?
They should both calculate it the same way. The standard says that
the way GnuPG does it is right, which makes what PGP is doing wrong.
I have a good bit of sympathy for the PGP developers here. This is a
problem they've had for a long time, and it's very difficult to fix
without breaking backwards compatibility.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson