Re: The usual PGP 2 signature problem
Marco d'Itri <md@linux.it> writes:

> This signature made by gnupg can't be verified by pgp 2.

I found this bug - actually it is a bug in the pgp 2.x code:
PGP 2.x expects a 2-byte length header for signature packets
and complains about all 1-byte header packets; according to the
specs a 1-byte header is correct (and PGP 5 does it correctly).

The solution is to use a 2-byte header for all RSA signatures with
packet version < 4. Because pgp 2.x also can't cope with the new packet
format (which is used for comments), you should use --no-comment if PGP 2
should be able to verify your messages; add it to your options file.

This patch is against 0.3.2 and should fix it.

Index: build-packet.c
===================================================================
RCS file: /usr/local/src/master/proj/psst+g10/src/g10/build-packet.c,v
retrieving revision 1.33
diff -u -r1.33 build-packet.c
--- build-packet.c 1998/07/06 10:23:47 1.33
+++ build-packet.c 1998/07/22 15:47:16
@@ -51,6 +51,7 @@
static int write_16(IOBUF inp, u16 a);
static int write_32(IOBUF inp, u32 a);
static int write_header( IOBUF out, int ctb, u32 len );
+static int write_sign_packet_header( IOBUF out, int ctb, u32 len );
static int write_header2( IOBUF out, int ctb, u32 len, int hdrlen, int blkmode );
static int write_new_header( IOBUF out, int ctb, u32 len, int hdrlen );
static int write_version( IOBUF out, int ctb );
@@ -669,7 +670,10 @@
for(i=0; i < n; i++ )
mpi_write(a, sig->data[i] );

- write_header(out, ctb, iobuf_get_temp_length(a) );
+ if( is_RSA(sig->pubkey_algo) && sig->version < 4 )
+ write_sign_packet_header(out, ctb, iobuf_get_temp_length(a) );
+ else
+ write_header(out, ctb, iobuf_get_temp_length(a) );
if( iobuf_write_temp( out, a ) )
rc = G10ERR_WRITE_FILE;

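Review bot: the result of the new `+ write_sign_packet_header(out, ctb, iobuf_get_temp_length(a) );` call is discarded, as write_header()'s was before, even though the function (per the third hunk) returns -1 on a failed write; folding that into rc the way the following `if( iobuf_write_temp( out, a ) ) rc = G10ERR_WRITE_FILE;` does would stop a short write of the header from being reported as success. Note also that `ctb` is passed through but the callee hard-codes 0x89, so this branch is only correct because the condition guarantees a signature packet; a comment here saying so would help the next reader.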
@@ -745,6 +749,18 @@
write_header( IOBUF out, int ctb, u32 len )
{
return write_header2( out, ctb, len, 0, 1 );
+}
+
+
+static int
+write_sign_packet_header( IOBUF out, int ctb, u32 len )
+{
+ /* work around a bug in the pgp read function for signature packets,
+ * which are not correctly coded and silently assume at some
+ * point 2 byte length headers.*/
+ iobuf_put(out, 0x89 );
+ iobuf_put(out, len >> 8 );
+ return iobuf_put(out, len ) == -1 ? -1:0;
}

/****************
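Review bot: write_sign_packet_header() ignores its `ctb` parameter and hard-codes 0x89 (old packet format, tag 2, length type 1, i.e. a two-octet length), and `len` is a u32 of which only the low 16 bits reach the output via `+ iobuf_put(out, len >> 8 );` / `+ return iobuf_put(out, len ) == -1 ? -1:0;`, so a body of 65536 bytes or more would be written with a silently truncated length and yield a corrupt packet. Suggest rejecting `len > 0xffff` (return -1, or fall back to write_header()) and checking the return value of the first two iobuf_put() calls rather than only the last. The comment could also give the concrete reason for the workaround stated in the mail: PGP 2.x refuses the one-octet length form the spec permits, so the two-octet form is forced only for v3 RSA signatures.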
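The packet-header encoding that this whole exchange turns on, as an added example that is not part of the original message and is not GnuPG or PGP 2.x code. It builds an old-format OpenPGP signature packet header with a 1-byte length field (what GnuPG 0.3.2 emitted and the spec permits) and with the 2-byte field the patch forces (CTB 0x89), decodes either form the way a conforming reader does, and includes a constructed model of the PGP 2.x reader behaviour the thread describes. The signature tag value 2 and the CTB bit layout are from the OpenPGP packet format; the body length 149, the sample body and the `pgp2_style_parse` model are assumptions made for the demonstration.

```python
# Added example: old-format OpenPGP packet headers with 1-byte and 2-byte
# length fields. Illustration code only, not GnuPG or PGP 2.x source.

SIG_TAG = 2  # OpenPGP packet tag of a signature packet


def old_header(tag, body_len, length_type=None):
    """Build an old-format packet header.

    CTB bit layout: 1 0 t t t t l l
      bit 7 set, bit 6 clear -> old packet format
      bits 5..2              -> packet tag (0..15)
      bits 1..0              -> length type: 0 = 1-byte field, 1 = 2-byte,
                                2 = 4-byte, 3 = indeterminate
    With length_type=None the smallest field that fits is used, which the
    spec permits; length_type=1 forces the 2-byte field PGP 2.x insists on
    for signature packets.
    """
    if not 0 <= tag <= 15:
        raise ValueError("old-format tags are 0..15")
    if length_type is None:
        length_type = 0 if body_len < 0x100 else 1 if body_len < 0x10000 else 2
    if length_type not in (0, 1, 2):
        raise ValueError("indeterminate length is not used for signatures")
    size = 1 << length_type
    if body_len >= 1 << (8 * size):
        # The check the patch's write_sign_packet_header() lacks: a u32
        # length written as two bytes would otherwise be silently truncated.
        raise ValueError("body length %d does not fit a %d-byte field" % (body_len, size))
    ctb = 0x80 | (tag << 2) | length_type
    return bytes([ctb]) + body_len.to_bytes(size, "big")


def parse_old_header(data):
    """Decode (tag, body_len, header_len) from an old-format header,
    accepting every length type as a conforming reader must."""
    ctb = data[0]
    if ctb & 0xC0 != 0x80:
        raise ValueError("not an old-format packet header")
    tag = (ctb >> 2) & 0x0F
    length_type = ctb & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length not handled here")
    size = 1 << length_type
    if len(data) < 1 + size:
        raise ValueError("truncated header")
    return tag, int.from_bytes(data[1:1 + size], "big"), 1 + size


def pgp2_style_parse(data):
    """Constructed model (assumption, from the thread's description) of the
    PGP 2.x reader: for signature packets it assumes a 2-byte length field
    regardless of the length type bits in the CTB. Not PGP 2.x code."""
    tag = (data[0] >> 2) & 0x0F
    if tag == SIG_TAG:
        return tag, int.from_bytes(data[1:3], "big"), 3
    return parse_old_header(data)


def sig_header_for_pgp2(body_len):
    """What the patch does for v3 RSA signatures: always the 2-byte form,
    so the first byte is the 0x89 hard-coded in write_sign_packet_header()."""
    return old_header(SIG_TAG, body_len, length_type=1)


if __name__ == "__main__":
    body_len = 149  # constructed body length of a small v3 signature packet
    one_byte = old_header(SIG_TAG, body_len)   # b'\x88\x95'
    two_byte = sig_header_for_pgp2(body_len)   # b'\x89\x00\x95'
    print("1-byte form:", one_byte.hex(), parse_old_header(one_byte))
    print("2-byte form:", two_byte.hex(), parse_old_header(two_byte))
    # The PGP 2.x model misreads the 1-byte form: the first body byte
    # (the v3 version octet 0x03) is swallowed into the length.
    body = bytes([0x03]) + bytes(body_len - 1)  # constructed body
    print("PGP 2.x model, 1-byte form:", pgp2_style_parse(one_byte + body)[1])
    print("PGP 2.x model, 2-byte form:", pgp2_style_parse(two_byte + body)[1])
```

Running it shows both headers decoding to the same (tag, length) under a conforming parser, while the PGP 2.x model reads the 1-byte form as a length of 0x9503, which is the failure the thread reports; the `ValueError` on bodies of 65536 bytes or more is the bound the patched C code would need to enforce before emitting two length octets.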
Re: The usual PGP 2 signature problem
On Jul 22, Werner Koch <wk@isil.d.shuttle.de> wrote:

>I found this bug - actually it is a bug in the pgp 2.x code:
Thank you a lot, now it works well.

>packet version < 4. Because pgp 2.x also can't cope with the new packet
>format (which are used for comments) you should use --no-comment if PGP 2
>should be able to verify your messages; add it to your options file.
I believe PGP 2.6.3ia has been patched to understand that, I did not
need the --no-comment option.
Maybe you could add an option which will disable the comment field if the
key used is RSA.

BTW, why is the default D-H key size of PGP 5 double gnupg's?

--
ciao,
Marco
Re: The usual PGP 2 signature problem
Marco d'Itri <md@linux.it> writes:

> BTW, why is the default D-H key size of PGP 5 double gnupg's?

Don't know. It is believed that 1024 bits is secure enough for most
applications. I'll think about removing the notice "really use such
a large key size" for encryption-only keys, as this is not as time
consuming as signing with such a key.



Werner