On Mon, 26 Dec 2005 13:32:13 -0800 "Daniel A. Nagy" <nagydani(_at_)epointsystem(_dot_)org> wrote:
> On Mon, Dec 26, 2005 at 05:03:59PM +0000, Ben Laurie wrote:
>> I have just tested GPG yet again, and cleartext signatures of two files,
>> one without a newline at the end, and one with, look identical:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> test
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.2 (FreeBSD)
> Yepp, that's a bug in GPG and it does not follow from the spec. My
> implementation does not do that. In my opinion, the correct behavior would
> be reversible.
> The output of gpg --clearsign should be identical to that converted from the
> output of gpg -ts.
i really can't see any bug in gnupg about this
gnupg clearsigns exactly what the user gives it
if the user gives it text with no empty line after it,
then the signature block begins right after the text
if the user wants a blank line and includes the line return,
then gnupg signs after the empty line
they are *not* identical or interchangeable
here are two, one with the empty line,
and one without:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Acts of Kindness better the World, and protect the Soul
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
test
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Acts of Kindness better the World, and protect the Soul
-----END PGP SIGNATURE-----
addition or subtraction of the empty line, invalidates the signature
and this is also true of all commandline pgp versions
vedaal
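Added example, not part of the original message: a minimal parser for the cleartext signature framework that returns the bytes a verifier hashes, following RFC 4880 section 7.1 (the line ending before the signature header is not signed, trailing spaces and tabs are dropped, lines are joined with CRLF). The `frame` helper and the four frames are constructed for illustration and carry a placeholder instead of a real signature.

```python
MSG_HEADER = "-----BEGIN PGP SIGNED MESSAGE-----"
SIG_HEADER = "-----BEGIN PGP SIGNATURE-----"


def signed_text(clearsigned: str) -> bytes:
    """Canonical document bytes a verifier feeds to the hash (RFC 4880, 7.1)."""
    lines = clearsigned.replace("\r\n", "\n").split("\n")
    try:
        pos = lines.index(MSG_HEADER) + 1
        # Armor headers ("Hash: ...") run up to exactly one empty separator line.
        sep = lines.index("", pos)
        end = lines.index(SIG_HEADER, sep + 1)
    except ValueError:
        raise ValueError("not a cleartext-signed message") from None
    body = []
    for line in lines[sep + 1:end]:
        if line.startswith("- "):
            line = line[2:]               # undo dash-escaping
        body.append(line.rstrip(" \t"))   # trailing spaces/tabs are not signed
    # Joining with CRLF adds no line ending after the last line: the one
    # before the signature header is not part of the signed text.
    return "\r\n".join(body).encode("utf-8")


def frame(text_lines):
    """Build a constructed frame (hypothetical helper); no real signature."""
    return "\n".join([MSG_HEADER, "Hash: SHA256", "", *text_lines,
                      SIG_HEADER, "(constructed placeholder)",
                      "-----END PGP SIGNATURE-----", ""])


# Constructed sample frames, not taken from the message above.
NO_EMPTY_LINE = frame(["test"])
WITH_EMPTY_LINE = frame(["test", ""])
TRAILING_SPACE = frame(["test  \t"])
DASH_ESCAPED = frame(["- -----BEGIN fake line", "test"])

if __name__ == "__main__":
    for name in ("NO_EMPTY_LINE", "WITH_EMPTY_LINE",
                 "TRAILING_SPACE", "DASH_ESCAPED"):
        print(name, signed_text(globals()[name]))
```

The frame without the empty line yields `test` with no line ending, so the frame carries no record of whether the signer's input file ended in a newline. The frame with the empty line yields `test` followed by CRLF, which is why adding or removing that line changes what is verified.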