Implementation question: validating left two of signatures
David Shaw
dshaw at jabberwocky.com
Fri Aug 12 23:11:16 CEST 2011
On Aug 12, 2011, at 3:27 PM, brian m. carlson wrote:
> I have a quality-of-implementation question (more in general than
> specifically about GnuPG). I am writing an implementation of OpenPGP
> that verifies signatures, among other things.
>
> Signatures contain the left two bytes of the hash as a quick check.
> I've noticed that a small number of signatures are in fact valid even
> though this quick check does not match the hash. Is it considered
> acceptable to fix up this value if it is wrong? If not, is it
> acceptable to treat two signatures as the same signature if they are
> identical but for the left two? Does GnuPG (or any other
> implementation) actually give any credence to the left two whatsoever?
I can't speak for other implementations, but GnuPG does not look at the left two at all, and jumps right into checking the whole signature. It *generates* the quick check bytes, of course, as that is mandated by the standard, but it does not look at them itself.
I think that behavior is fine - the real check is the signature itself.
> If there's an OpenPGP implementers' list or another, more appropriate
> forum, please feel free to point me in that direction. I couldn't find
> one, so I posted here.
You might also try the ietf-openpgp list: http://www.imc.org/ietf-openpgp/
David
More information about the Gnupg-users
mailing list