A week or two ago I was trying to debug messages that were encrypted by
Cryptix and undecryptable by pgp5.x.
The problem turned out to be a confusion surrounding how pgp2.6 treated
clearsigned messages.
In the signature packet there is a signature type byte with values 00
and 01. This refers to the way in which the hash is calculated over the
preceding text:

    00  data is binary
    01  data is text, treat as ISO Latin-1
        with <CR><LF> endings (adding those
        <CR> characters if necessary).
pgp 2.6 didn't mind if you did a 00 sig over a clearsigned message.
Cryptix produced a binary sig over clear text (for some reason), and
everyone was happy until pgp5.x came along and assumed that clearsigned
messages must be text.
I suggest we clarify this in the standard by saying that clearsigned
messages SHOULD be signed with sig type of 01, and that readers MAY
assume that cleartext messages are so signed.
Or some such language. The intent should be clear: there is validity in
assuming that clear-signed is sig type of text.
My thanks to Hal Finney and Colin Plumb for assisting in this.
--
iang systemics.com
FP: 1189 4417 F202 5DBD 5DF3 4FCD 3685 FDDE on pgp.com
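A toy model of the two hashing rules described in the mail above (sig type 00 hashes the bytes as given, sig type 01 hashes the text with line endings normalized to CR LF), added here as an example; it is not code from the original mail, from Cryptix or from any PGP release. Assumptions: a "signature" is reduced to the pair (type byte, digest) with no key involved, SHA-1 stands in for whatever hash the real implementations used, and the sample message text is constructed. The verify() function can either honour the type byte (the pgp 2.6 behaviour the mail describes) or always assume text mode (the pgp 5.x assumption), which reproduces the interoperability failure and also shows why type 01 is the safer choice for cleartext: it survives a mailer rewriting LF to CR LF in transit, while a type 00 signature does not.

```python
"""Toy model of OpenPGP signature types 0x00 (binary) and 0x01 (canonical text).

Constructed example, not code from the original mail, Cryptix or PGP. A
"signature" here is just (sig_type, digest); only the hashing-input rule differs.
"""
import hashlib

SIG_BINARY = 0x00   # hash exactly the bytes given
SIG_TEXT = 0x01     # hash the text with every line ending rewritten as CR LF

HASH = "sha1"       # assumption: the mail names no algorithm; SHA-1 is illustrative


def canonicalize_text(data: bytes) -> bytes:
    """Return data with LF, CR and CRLF line endings all rewritten as CRLF."""
    lf_only = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return lf_only.replace(b"\n", b"\r\n")


def digest_for_sig_type(data: bytes, sig_type: int) -> str:
    """Compute the hash a signer or verifier feeds into the signature algorithm."""
    if sig_type == SIG_BINARY:
        payload = data
    elif sig_type == SIG_TEXT:
        payload = canonicalize_text(data)
    else:
        raise ValueError(f"unknown signature type 0x{sig_type:02x}")
    return hashlib.new(HASH, payload).hexdigest()


def sign(data: bytes, sig_type: int) -> tuple[int, str]:
    """Toy signer: the 'signature' is the type byte plus the digest over the chosen payload."""
    return sig_type, digest_for_sig_type(data, sig_type)


def verify(data: bytes, signature: tuple[int, str], assume_text: bool = False) -> bool:
    """Toy verifier.

    assume_text=False honours the signature type byte (the pgp 2.6 behaviour).
    assume_text=True ignores it and always hashes in text mode (the pgp 5.x assumption).
    """
    sig_type, digest = signature
    effective = SIG_TEXT if assume_text else sig_type
    return digest_for_sig_type(data, effective) == digest


# Constructed clearsigned body with Unix LF endings, as a tool like Cryptix would have hashed it.
LF_TEXT = b"Hello,\nthis is a clearsigned message.\n"
# The same text after a mailer or gateway rewrote its line endings to CR LF.
CRLF_TEXT = canonicalize_text(LF_TEXT)


def scenarios() -> dict[str, bool]:
    """Run the interoperability cases from the mail and return each verification result."""
    binary_sig = sign(LF_TEXT, SIG_BINARY)   # what Cryptix produced: a 00 sig over cleartext
    text_sig = sign(LF_TEXT, SIG_TEXT)       # what the proposed SHOULD would produce
    return {
        # a reader that honours the type byte accepts the binary sig over cleartext
        "2.6 verifies binary sig": verify(LF_TEXT, binary_sig),
        # a reader that assumes cleartext is type 01 recomputes a different digest and fails
        "5.x verifies binary sig": verify(LF_TEXT, binary_sig, assume_text=True),
        # a type 01 sig verifies under both readers ...
        "2.6 verifies text sig": verify(LF_TEXT, text_sig),
        "5.x verifies text sig": verify(LF_TEXT, text_sig, assume_text=True),
        # ... and survives line-ending translation in transit, which a type 00 sig does not
        "text sig after CRLF rewrite": verify(CRLF_TEXT, text_sig),
        "binary sig after CRLF rewrite": verify(CRLF_TEXT, binary_sig),
    }


if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name:32s} {'OK' if ok else 'FAIL'}")
```

Note that canonicalize_text() is idempotent, so a type 01 digest is the same whether the signer saw LF, CR or CR LF endings; that is the whole point of the text mode, and the reason a reader may reasonably assume it for clearsigned data.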