Problem interoperating with PGP Univeral?
wk at gnupg.org
Mon Apr 2 11:24:45 CEST 2007
On Mon, 2 Apr 2007 09:40, patrick at mozilla-enigmail.org said:
>>> I can provide some more details on this. GnuPG 1.4.7 returns with this
>>> error message "gpg: can't handle this ambiguous signature data".
Well, PGP is broken:
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.5.3
-----END PGP SIGNATURE-----
This should be a detached signature, but
$ gpg --list-packets -v x.sig
gpg: armor header: Version: PGP Universal 2.5.3
50 47 50
:onepass_sig packet: keyid FDCED7B2A2C2FE33
version 3, sigclass 01, digest 2, pubkey 17, last=1
:signature packet: algo 17, keyid FDCED7B2A2C2FE33
version 3, created 1175181861, md5len 5, sigclass 0x01
digest algo 2, begin of digest 0b c4
data: [157 bits]
data: [160 bits]
So what we have is an ascii armor with a marker packet (that is okay),
followed by a one-pass signature packet directly followed by the
signature packet. Between the one-pass signature packet and the
signature packet, a literal data packet is expected.
Here is the OpenPGP packet grammar:
An OpenPGP message is a packet or sequence of packets that
corresponds to the following grammatical rules (comma represents
sequential composition, and vertical bar separates alternatives):
OpenPGP Message :- Encrypted Message | Signed Message |
Compressed Message | Literal Message.
Compressed Message :- Compressed Data Packet.
Literal Message :- Literal Data Packet.
ESK :- Public Key Encrypted Session Key Packet |
Symmetric-Key Encrypted Session Key Packet.
ESK Sequence :- ESK | ESK Sequence, ESK.
Encrypted Data :- Symmetrically Encrypted Data Packet |
Symmetrically Encrypted Integrity Protected Data Packet
Encrypted Message :- Encrypted Data | ESK Sequence, Encrypted Data.
One-Pass Signed Message :- One-Pass Signature Packet,
OpenPGP Message, Corresponding Signature Packet.
Signed Message :- Signature Packet, OpenPGP Message |
One-Pass Signed Message.
In addition, decrypting a Symmetrically Encrypted Data Packet or a
Symmetrically Encrypted Integrity Protected Data Packet as well as
decompressing a Compressed Data packet must yield a valid OpenPGP
A One-Pass Signed Message requires an OpenPGP Message and the other
rules indicates that an empty OpenPGP Message is not allowed.
More information about the Gnupg-users