[Top] [All Lists]

Re: [openpgp] Implementers: does your OpenPGP tool gracefully discard signature packets of unknown version?

2022-05-03 07:28:16
Hi Paul--

On Tue 2022-05-03 11:29:39 +0200, Paul Schaub wrote:

Bouncy Castle is choking on unknown packet versions unfortunately. I got 
a fix for signatures merged upstream (I'm not affiliated with the Bouncy 
Castle project), so at least unknown signature versions will now be 

Thanks for pushing these fixes into the infrastructure!  Can you point
to the specific fix where that was done?  That might be usfeul if any
distributors need to think about backporting.

however unknown PKESK packets still cause issues. I guess
future-proofing BC takes some more work.

v5 PKESK packets are only emitted with v2 SEIPD packets, so in that
sense there's no significant problem -- an implementation that can't
read v5 PKESK won't be able to decrypt v2 SEIPD either.  It's the
signatures that i'm most concerned about.


Attachment: signature.asc
Description: PGP signature

openpgp mailing list
<Prev in Thread] Current Thread [Next in Thread>