Bug in 1.2.4 - cannot verify messages with lines that contain
kfitzner at excelcia.org
Mon Mar 22 04:00:43 CET 2004
David Shaw wrote:
> I'm afraid I don't really understand the problem you're having. Can
> you post an example of the problem? I have never had a problem
> verifying a signature from anyone on this list.
It appears that I was mistaken. It is a bug in either Mozilla
Thunderbird or in Enigmail (or both). It seems that the dash escape is
removed from messages before it is passed to GnuPG.
However, I would still suggest the submitted patch be incorporated.
Without it, gpg assumes that any line that starts with 4 dashes is a
armor header. With the patch, it will ignore dashed lines unless they
are a known OpenPGP header - at which point, if it is not the header
that gpg is looking for, it will still output an "unexpected armor"
Attached is a zipped file with an example message where the dash escape
has been removed from a non-gpg-armor line. The change in the patch
will allow it to be verified, whereas stock 1.2.4 will die with a series
With the patch, improperly escaped messages will still be able to be
verified unless they contain nested armor headers where the escaping has
also been removed. Additionally, it nullifies the need to dash escape
lines that are not actually OpenPGP armor headers - thus preserving the
formatting on clearsigned text more faithfully.
If this change is rejected, I still suggest that the errors returned
when gpg attempts to verify the signature on the sample message should
be verbose-mode messages only. I'm not sure that exposing the internal
gpg errors that occur when bad armor is found is a good thing. At
least, not unless verbose output is selected. I would suggest that "good
signature", "bad signature" or "no signature" be the only normal output
when verifying a message.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 655 bytes
Desc: not available
Url : /pipermail/attachments/20040321/13ff161f/ClearsignedDashes.bin
More information about the Gnupg-users