Wrong signature hash detection?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 7 05:15:10 CEST 2010 

On 05/06/2010 10:43 PM, Hauke Laging wrote:
> It says SHA1 though according to my understanding
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.14 (GNU/Linux)
> 
> iQFMBAABAgA2BQJL43F6LxpodHRwOi8vd3d3LmhhdWtlLWxhZ2luZy5kZS9vcGVu
> cGdwL3BvbGljeS5odG1sAAoJEDlYRfZ/Y35735kIAIP2LgRqxhySQ0kaOSnFZfWs
> YgvqeYYGHUeLIQzfGCbxD2VE0CzSQPNN3GabpsXF2DQ5xUh25n+9pu34gPAMvD6v
> QKM8B31vkSj/KEuCZUXMOBiEDVBQn6ypR9ZmOSo991Lm84fIaOhx8rQ0d1kWxWuH
> CRHemF49FSCxF/5CMcx+HMWjN6lKhQFK3z61In23Xjmf+dRFYxbPkInqu4tw6q4b
> OODVVsK8FhCWz2aUNBSgWzwhmwwCD1R4/IblMejrStsbT0tFNzVbg3KKIQ7bHUD5
> k++hjk0K332ZXnR4X9jZku7FPpgAtp44/k0Op+yGZqW6RW6zu5s5fFPnkijef6U=
> =eaxc
> -----END PGP SIGNATURE-----
> 
> is obviously not an SHA1 signature. The check deliveres the correct result for 
> the signature of the other key (which I created immediately before on the same 
> system):


What makes you say this is "obviously not an SHA1 signature" ?  When i
pipe it through pgpdump, i get this:

Old: Signature Packet(tag 2)(332 bytes)
	Ver 4 - new
	Sig type - Signature of a binary document(0x00).
	Pub alg - RSA Encrypt or Sign(pub 1)
	Hash alg - SHA1(hash 2)
	Hashed Sub: signature creation time(sub 2)(4 bytes)
		Time - Thu May  6 21:48:42 EDT 2010
	Hashed Sub: policy URL(sub 26)(46 bytes)
		URL - http://www.hauke-laging.de/openpgp/policy.html
	Sub: issuer key ID(sub 16)(8 bytes)
		Key ID - 0x395845F67F637E7B
	Hash left 2 bytes - df 99
	RSA m^d mod n(2048 bits) - ...
		-> PKCS-1


and gpg --list-packets shows this:

:signature packet: algo 1, keyid 395845F67F637E7B
	version 4, created 1273196922, md5len 0, sigclass 0x00
	digest algo 2, begin of digest df 99
	hashed subpkt 2 len 4 (sig created 2010-05-07)
	hashed subpkt 26 len 46 (policy:
http://www.hauke-laging.de/openpgp/policy.html)
	subpkt 16 len 8 (issuer key ID 395845F67F637E7B)
	data: [2048 bits]


Both of which suggest that the digest used is in fact SHA1.

Are you judging based on the size of the block?  RSA signatures are
significantly larger than DSA signatures, even though they sign over the
same digest algorithm.

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 892 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100506/835d7715/attachment-0001.pgp>

More information about the Gnupg-users mailing list