ietf-openpgp

Re: Multiple signatures over a document

2006-10-19 10:43:52

On Wed, 11 Oct 2006 06:21:50 -0400 "Nickolay L." <ni4(_at_)ukr(_dot_)net> wrote:

> I cannot resolve, how to correctly calculate multiple signatures over
> the document. I'm hashing entire document body + beginning of
> signature (as described in 2440), and everything is ok.
> But, when I'm producing two old-style signatures :
> 1) GnuPG checks only the first one, and says that it's ok
> 2) PGP 8.1 checks both, but says that first one is invalid, and the
> second is ok
>
> Producing two new-style signatures (with one-pass signature packets),
> getting :
> 1) GnuPG checks both, and says that they're correct.
> 2) PGP 8.1 checks both, and says that first is invalid, and second one
> is valid.
>
> It seems, that PGP calculates the signature over the whole document +
> bodies of other signatures.
>
> But from 2440 it seems, that signed hash must not include other
> signatures.
>
> Please, anybody can clearly describe, what behavior is correct?
>
> And, maybe, such situation must be described in 2440?


do not know what is 'correct',
but do know what is *compatible*

using the sample keypairs that were posted here,
here is an example of a message signed by both sample keys, and encrypted to one of them,
with both signatures verifiable as 'good'
by both gnupg and pgp :



here is the verbose gnupg output upon decryption:

:pubkey enc packet: version 3, algo 16, keyid 261AC650C502D39B
        data: [2047 bits]
        data: [2047 bits]

You need a passphrase to unlock the secret key for
user: "Sample SecureBlackbox PGP key<info(_at_)eldos(_dot_)com>"
2048-bit ELG-E key, ID C502D39B, created 2005-12-13 (main key ID 2A35EB74

:pubkey enc packet: version 3, algo 1, keyid 610E629F676783B5
        data: [2045 bits]
:encrypted data packet:
        length: 449
        mdc_method: 2
:compressed packet: algo=1
:onepass_sig packet: keyid 610E629F676783B5
        version 3, sigclass 00, digest 8, pubkey 1, last=0
:onepass_sig packet: keyid A97CE19B2A35EB74
        version 3, sigclass 00, digest 8, pubkey 17, last=1
:literal data packet:
        mode b (62), created 1161276131, name="mst.txt",
        raw data: 21 bytes
:signature packet: algo 17, keyid A97CE19B2A35EB74
        version 3, created 1161276131, md5len 5, sigclass 00
        digest algo 8, begin of digest 09 57
        data: [157 bits]
        data: [158 bits]
:signature packet: algo 1, keyid 610E629F676783B5
        version 3, created 1161276131, md5len 5, sigclass 00
        digest algo 8, begin of digest 09 57
        data: [2046 bits]

Press any key to continue . . .

gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: 
gpg: armor header: 
gpg: public key is C502D39B
gpg: using subkey C502D39B instead of primary key 2A35EB74
gpg: using subkey C502D39B instead of primary key 2A35EB74
gpg: WARNING: cipher algorithm TWOFISH not found in recipient preferences
gpg: public key encrypted data: good DEK
gpg: public key is 676783B5
gpg: encrypted with 2048-bit RSA key, ID 676783B5, created 12/13/2005
      "Sample SecureBlackbox PGP key<info(_at_)eldos(_dot_)com>"
gpg: encrypted with 2048-bit ELG-E key, ID C502D39B, created 12/13/2005
      "Sample SecureBlackbox PGP key<info(_at_)eldos(_dot_)com>"
gpg: TWOFISH encrypted data
gpg: original file name='mst.txt'
gpg: Signature made 10/19/2006 12:42:11 using DSA key ID 2A35EB74
gpg: Good signature from "Sample SecureBlackbox PGP key<info(_at_)eldos(_dot_)com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 4D52 32BB 2228 BAAB 8F1D  C10E A97C E19B 2A35 EB74
gpg: binary signature, digest algorithm SHA256
gpg: Signature made 10/19/2006 12:42:11 using RSA key ID 676783B5
gpg: Good signature from "Sample SecureBlackbox PGP key<info(_at_)eldos(_dot_)com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2B8C 0F9B C47B B6BD 06ED  87C5 610E 629F 6767 83B5
gpg: binary signature, digest algorithm SHA256
gpg: decryption okay
gpg: session key: `10:F4CF7598DEC06A1FBDF5B79CB667616919D1443E045A4EA7C4B37C4FD9C0F77B'

Time: 10/19/2006 1:04:45 PM (10/19/2006 5:04:45 PM UTC)


afaik,
gnupg is the only open-pgp implementation that can produce multiple simultaneous signatures

in order for other implementations to do so too,
there should be some clear directions in rfc 2440 as to how to do so in a way that would be compatible to all open-pgp programs


vedaal
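
Added example, not part of the original message: a Python check of the packet layout shown in the gpg listing above, confirming that the one-pass packets bracket the literal data (signatures close in reverse order, only the final one-pass packet has last=1) and computing the version 3 digest each signer covers. The listing lines are copied from the output above; `DOC` is constructed because the contents of mst.txt are not shown, and the function names are illustrative.

```python
import hashlib
import re
import struct

# Packet listing copied from the gpg output above (data/size lines trimmed).
LISTING = """\
:onepass_sig packet: keyid 610E629F676783B5
        version 3, sigclass 00, digest 8, pubkey 1, last=0
:onepass_sig packet: keyid A97CE19B2A35EB74
        version 3, sigclass 00, digest 8, pubkey 17, last=1
:literal data packet:
        mode b (62), created 1161276131, name="mst.txt",
:signature packet: algo 17, keyid A97CE19B2A35EB74
        version 3, created 1161276131, md5len 5, sigclass 00
:signature packet: algo 1, keyid 610E629F676783B5
        version 3, created 1161276131, md5len 5, sigclass 00
"""

DOC = b"constructed sample\r\n"  # constructed stand-in for the signed file

def parse_listing(text):
    """Return (onepass, sigs): [(keyid, last)] and [(keyid, created, sigclass)]."""
    onepass = [(k, int(last)) for k, last in re.findall(
        r":onepass_sig packet: keyid (\w+)\n.*?last=(\d)", text)]
    sigs = [(k, int(c), int(s, 16)) for k, c, s in re.findall(
        r":signature packet: algo \d+, keyid (\w+)\n.*?created (\d+), "
        r"md5len 5, sigclass (\w+)", text)]
    return onepass, sigs

def nesting_ok(onepass, sigs):
    """Signature packets must mirror the one-pass packets in reverse order,
    and only the final one-pass packet may carry last=1."""
    flags = [last for _, last in onepass]
    keys_match = [k for k, _ in onepass] == [k for k, _, _ in reversed(sigs)]
    return keys_match and flags == [0] * (len(flags) - 1) + [1]

def v3_digest(document, sigclass, created):
    """SHA-256 (digest algo 8) over document || sigclass (1 byte) || created
    (4 bytes, big-endian). Those 5 trailer bytes are the 'md5len 5' in the
    listing; no other signature packet enters the hash."""
    return hashlib.sha256(document + struct.pack(">BI", sigclass, created)).digest()

def digests_for(document, sigs):
    """Digest each signer covers, keyed by key ID."""
    return {k: v3_digest(document, sigclass, created) for k, created, sigclass in sigs}
```

Because both signatures in the listing are version 3 with the same sigclass, creation time and digest algorithm, they hash identical input, which is consistent with both packets reporting the same "begin of digest 09 57".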


