Problem interoperating with PGP Univeral?

Werner Koch wk at
Mon Apr 2 11:24:45 CEST 2007

On Mon,  2 Apr 2007 09:40, patrick at said:

>>> I can provide some more details on this. GnuPG 1.4.7 returns with this
>>> error message "gpg: can't handle this ambiguous signature data".

Well, PGP is broken:

  Content-Type: text/plain;
  Content-Transfer-Encoding: 7bit
  Content-Disposition: inline;
  Version: PGP Universal 2.5.3

This should be a detached signature, but 
  $ gpg --list-packets -v x.sig
  gpg: armor header: Version: PGP Universal 2.5.3
  :marker packet:
   50 47 50
  :onepass_sig packet: keyid FDCED7B2A2C2FE33
          version 3, sigclass 01, digest 2, pubkey 17, last=1
  :signature packet: algo 17, keyid FDCED7B2A2C2FE33
          version 3, created 1175181861, md5len 5, sigclass 0x01
          digest algo 2, begin of digest 0b c4
          data: [157 bits]
          data: [160 bits]

So what we have is an ascii armor with a marker packet (that is okay),
followed by a one-pass signature packet directly followed by the
signature packet.  Between the one-pass signature packet and the
signature packet, a literal data packet is expected.

Here is the OpenPGP packet grammar:

    An OpenPGP message is a packet or sequence of packets that
    corresponds to the following grammatical rules (comma represents
    sequential composition, and vertical bar separates alternatives):

    OpenPGP Message :- Encrypted Message | Signed Message |
                       Compressed Message | Literal Message.

    Compressed Message :- Compressed Data Packet.

    Literal Message :- Literal Data Packet.

    ESK :- Public Key Encrypted Session Key Packet |
           Symmetric-Key Encrypted Session Key Packet.

    ESK Sequence :- ESK | ESK Sequence, ESK.

    Encrypted Data :- Symmetrically Encrypted Data Packet |
          Symmetrically Encrypted Integrity Protected Data Packet

    Encrypted Message :- Encrypted Data | ESK Sequence, Encrypted Data.

    One-Pass Signed Message :- One-Pass Signature Packet,
                OpenPGP Message, Corresponding Signature Packet.

    Signed Message :- Signature Packet, OpenPGP Message |
                One-Pass Signed Message.

    In addition, decrypting a Symmetrically Encrypted Data Packet or a
    Symmetrically Encrypted Integrity Protected Data Packet as well as
    decompressing a Compressed Data packet must yield a valid OpenPGP

A One-Pass Signed Message requires an OpenPGP Message and the other
rules indicates that an empty OpenPGP Message is not allowed.



More information about the Gnupg-users mailing list