Invalid cross certification?

Werner Koch wk at
Wed Apr 9 10:25:06 CEST 2008

On Tue,  8 Apr 2008 19:22, dshaw at said:

> Digest algo 11 is SHA-224, which is fairly recent.  I believe it was
> added to libgcrypt somewhere in the 1.3.x development.  Does your

Right, since 1.3.0 (May 2007) but we neded to fixed the ASN OID in 1.3.2
(Dec 2007) to to an error in the OpenPGP RFC.  Given that Libgcrypt was
marked as development and gpg2 was not in wide use we did not put this
workaround for the changed OID into GnuPG-2:

	/* This code is to work around a SHA-224 problem.  RFC-4880
	   and the drafts leading up to it were published with the
	   wrong DER prefix for SHA-224.  Unfortunately, GPG pre-1.4.8
	   used this wrong prefix.  What this code does is take all
	   bad RSA signatures that use SHA-224, and re-checks them
	   using the old, incorrect, DER prefix.  Someday we should
	   remove this code, and when we do remove it, pkcs1_encode_md
	   can be made into a static function again.  Note that GPG2
	   does not have this issue as it uses libgcrypt, which is
	   being fixed while it is still a development version. */

However if you know verify a signature created with a faulty SHA-224
signature, gpg2 will flag it as bad.  

I hesitate to put the workaround into gpg2 unless more people complain
about this problem.  It would be better to fix the back signature.  What
about having gpg print a notice pointing to an online FAQ entry?



Die Gedanken sind frei.  Auschnahme regelt ein Bundeschgesetz.

More information about the Gnupg-users mailing list