GPG Signature Verification

Paul Taukatch ptauk at
Thu Apr 20 21:17:06 CEST 2017

Hello and thank you for taking the time to help out!

I am developing my own implementation of the PGP specification and have a
question regarding the signature generation/verification for Transferable
Public Keys that maybe one of you could help shed some light on. Currently
I create a single primary RSA key and userID and bind the two with a
certification self-signature (0x13). When importing this certificate into
GPG I get a  a signature verification failure which prevents the
certificate from importing.

I've read through the rfc4880, 5.2.4 - Computing Signatures section quite
thoroughly and believe I am generating the signature properly - Signing the
Hash context of the primary key + user ID + signature data (V4).

One thing I notice in the debug info is that the first  several few bytes
of the  rsa_verify data and rsa_verify cmp do not match.

DBG: rsa_verify
data:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:                  		ffffffffffffffffffffff0030
31300d06096086480165030402010500042007 \

DBG: rsa_verify
cmp:+01ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff \
DBG:                  		ffffffffffffffffffffffffff0030
2f300b0609608648016503040201042007 \

Does anyone know exactly what this verify data is comprised of? I notice
that the hash of the (Primary Key + UserID + Signature Data hash context) =
073D952C71B2D7C2C945C60F828F087E1D517774F84FE30825F18709659466E7 which
seems to match for both the verify data and cmp.

I've attached my public key and debug log but please let me know if there
is any other information that might be helpful.

(See attached file: exportZPGPTest.bin)(See attached file: debug.txt)

Thanks Again!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20170420/dbc23c8b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: exportZPGPTest.bin
Type: application/octet-stream
Size: 489 bytes
Desc: not available
URL: </pipermail/attachments/20170420/dbc23c8b/attachment.bin>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: debug.txt
URL: </pipermail/attachments/20170420/dbc23c8b/attachment.txt>

More information about the Gnupg-users mailing list