Problem interoperating with PGP Universal?
Jason Harris
jharris at widomaker.com
Sun Apr 8 17:37:20 CEST 2007
On Mon, Apr 02, 2007 at 11:24:45AM +0200, Werner Koch wrote:
> On Mon, 2 Apr 2007 09:40, patrick at mozilla-enigmail.org said:
> >>> I can provide some more details on this. GnuPG 1.4.7 returns with this
> >>> error message "gpg: can't handle this ambiguous signature data".
>
> Well, PGP is broken:
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Universal 2.5.3
>
> qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
> Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
> =lOCI
> -----END PGP SIGNATURE-----
>
> This should be a detached signature, but
http://www.mailscanner.info/files/4/tar/MailScanner-install-4.58.9-1.tar.gz.sig
seems to have the same problem:
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

qANQR1DEDQMAAhER9llHFBW2VAHCPwMFAEXCAV0R9llHFBW2VBECL1sAoK20XoXM
yfp8cdno1BQa81FA7xiFAJ4vY6UUI9dlHY8TjDyKuz+VenV94g==
=57gK
-----END PGP SIGNATURE-----
> $ gpg --list-packets -v x.sig
> gpg: armor header: Version: PGP Universal 2.5.3
> :marker packet:
> 50 47 50
> :onepass_sig packet: keyid FDCED7B2A2C2FE33
> version 3, sigclass 01, digest 2, pubkey 17, last=1
> :signature packet: algo 17, keyid FDCED7B2A2C2FE33
> version 3, created 1175181861, md5len 5, sigclass 0x01
> digest algo 2, begin of digest 0b c4
> data: [157 bits]
> data: [160 bits]
pgpdump adds packet sizes, which are useful (below):
%pgpdump MailScanner-install-4.58.9-1.tar.gz.sig
Old: Marker Packet(tag 10)(3 bytes)
String - ...
New: One-Pass Signature Packet(tag 4)(13 bytes)
New version(3)
Sig type - Signature of a binary document(0x00).
Hash alg - SHA1(hash 2)
Pub alg - DSA Digital Signature Algorithm(pub 17)
Key ID - 0x11F659471415B654
Next packet - other than one pass signature
New: Signature Packet(tag 2)(63 bytes)
Ver 3 - old
Hash material(5 bytes):
Sig type - Signature of a binary document(0x00).
Creation time - Thu Feb 1 10:03:57 EST 2007
Key ID - 0x11F659471415B654
Pub alg - DSA Digital Signature Algorithm(pub 17)
Hash alg - SHA1(hash 2)
Hash left 2 bytes - 2f 5b
DSA r(160 bits) - ...
DSA s(158 bits) - ...
-> hash(160 bits)
> So what we have is an ascii armor with a marker packet (that is okay),
> followed by a one-pass signature packet directly followed by the
> signature packet. Between the one-pass signature packet and the
> signature packet, a literal data packet is expected.
Fortunately, these semi-detached signature(s) can still be used:
%gpg --dearmor < MailScanner-install-4.58.9-1.tar.gz.sig | tail -c 65 > MailScanner-install-4.58.9-1.tar.gz.sign
% gpg ... *.sign
[snip]
[GNUPG:] VALIDSIG EE81D7633DB00BFDE1DC722211F659471415B654 2007-02-01 1170342237 0 3 0 17 2 00 EE81D7633DB00BFDE1DC722211F659471415B654
(Julian <jkf at soton...> BCC'd)
--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris at widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
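
The `tail -c 65` step in the message above works because the trailing signature packet is 63 bytes plus a 2-byte header. The following Python is an added example, not part of the original post or of GnuPG: it walks the OpenPGP packet headers of the PGP Desktop signature quoted in the message and keeps only the tag 2 packet, whatever its size. The function names are illustrative, and partial-body and indeterminate lengths are assumed not to occur.

```python
import base64

# Armor body of the PGP Desktop 9.5.3 signature quoted in the message above
# (armor headers and the "=57gK" checksum line left out).
ARMOR_BODY = (
    "qANQR1DEDQMAAhER9llHFBW2VAHCPwMFAEXCAV0R9llHFBW2VBECL1sAoK20XoXM"
    "yfp8cdno1BQa81FA7xiFAJ4vY6UUI9dlHY8TjDyKuz+VenV94g=="
)

def read_packets(data):
    """Yield (tag, start, body_start, end) for each OpenPGP packet in data."""
    pos = 0
    while pos < len(data):
        start, ctb = pos, data[pos]
        if not ctb & 0x80:
            raise ValueError("bit 7 of the packet tag byte is not set")
        if ctb & 0x40:  # new-format header: tag in the low 6 bits
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:
                length, pos = first, pos + 2
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 2] + 192, pos + 3
            elif first == 255:
                length, pos = int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
            else:
                raise ValueError("partial body lengths not handled here")
        else:  # old-format header: tag in bits 5-2, length type in bits 1-0
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype  # 1, 2 or 4 length octets
            length, pos = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, start, pos, pos + length
        pos += length

def extract_detached(data):
    """Drop marker and one-pass packets; keep signature packets (tag 2) whole."""
    return b"".join(data[s:e] for tag, s, _, e in read_packets(data) if tag == 2)

def onepass_keyid(data):
    """Key ID from the first version-3 one-pass signature packet (tag 4)."""
    for tag, _, body, end in read_packets(data):
        if tag == 4:
            return data[end - 9:end - 1].hex().upper()  # 8 octets before the flag
    return None

RAW = base64.b64decode(ARMOR_BODY)
```

Writing `extract_detached(RAW)` to a file yields the same 65 bytes that the `tail -c 65` command in the message produces.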