Mailing List Archive

[no subject]
I have a problem of some kind. Either I do understand what I do, or a bug is
found.

mss@despair$ gpg --clearsign file.html
<snip>
mss@despair$ gpg --verify file.html.asc
gpg (GnuPG) 0.4.2; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: Warning: using insecure memory!
gpg: Signature made Wed Nov 11 23:07:35 1998 MS using DSA key ID A0362DB0
gpg: BAD signature from "Michael Sobolev <mss@despair.transas.com>"

What to do?

--
Mike
Re: your mail
On Wed, Nov 11, 1998 at 11:11:41PM +0300, Michael Sobolev wrote:
> I have a problem of some kind. Either I do understand what I do, or a bug is
> found.
>
> mss@despair$ gpg --clearsign file.html
> <snip>
> mss@despair$ gpg --verify file.html.asc
> gpg (GnuPG) 0.4.2; Copyright (C) 1998 Free Software Foundation, Inc.
> This program comes with ABSOLUTELY NO WARRANTY.
> This is free software, and you are welcome to redistribute it
> under certain conditions. See the file COPYING for details.
>
> gpg: Warning: using insecure memory!
> gpg: Signature made Wed Nov 11 23:07:35 1998 MS using DSA key ID A0362DB0
> gpg: BAD signature from "Michael Sobolev <mss@despair.transas.com>"
>
> What to do?

Okay, this seems to be caused by a missing "Hash: " line.

(I force the hash to SHA1 so that PGP5 users can verify my signature,
but the Hash: line is left out of the GPG item.)

I think there's a difference in the defaults between PGP5 and GPG on
what hash is used: with PGP5, SHA1 is assumed if there is no Hash line:
in GPG, the default seems to be MD5.

I'll defer to Werner the code to fix that, but a trivial workaround is
to insert 'Hash: hashname' after the -----BEGIN PGP SIGNED MESSAGE-----
line. (The line itself isn't used as part of the signature, so if you
add the line it should verify just fine with GPG and PGP5.)

--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
Re: your mail
brian moore <bem@cmc.net> writes:

> I think there's a difference in the defaults between PGP5 and GPG on
> what hash is used: with PGP5, SHA1 is assumed if there is no Hash line:
> in GPG, the default seems to be MD5.

RFC2440 (OpenPGP) says that the default is MD5 - at least the last
time I checked the draft. Okay, the source (mainproc.c:proc_plaintext)
tells me that we need a hash - I think I have to read the RFC again.


Werner
Re: your mail
On Fri, Nov 13, 1998 at 09:23:11PM +0100, Werner Koch wrote:
> brian moore <bem@cmc.net> writes:
>
> > I think there's a difference in the defaults between PGP5 and GPG on
> > what hash is used: with PGP5, SHA1 is assumed if there is no Hash line:
> > in GPG, the default seems to be MD5.
>
> RFC2440 (OpenPGP) says that the default is MD5 - at least the last
> time I checked the draft. Okay, the source (mainproc.c:proc_plaintext)
> tells me that we need a hash - I think I have to read the RFC again.

Weird, that certainly is what it says:

If the "Hash" armor header is given, the specified message digest
algorithm is used for the signature. If there are no such headers,
MD5 is used, an implementation MAY omit them for V2.x compatibility.
If more than one message digest is used in the signature, the "Hash"
armor header contains a comma-delimited list of used message digests.

Strangely, I haven't changed a thing and now it works..

I even used the same macro in vile to do it.

(The mail I sent to the internic yesterday didn't verify with GPG,
though PGP5 would verify it just fine. Adding the Hash: SHA1 manually
convinced both to be happy with it.)

My vile macro, which signs everything but the headers, suitable for news
and old-non-mime mailings. (Yes, I'd rather use Mutt's miming, but
Internic doesn't seem to like that.)

31 store-macro
set-variable %phrase &cat @"PGP PassPhrase? " "\n"
write-message " " ; erase passphrase
set-variable %cmd "gpg --passphrase-fd 0 --clearsign --batch -u 88322B51"
beginning-of-file
search-forward "^[ \t]*$"
set-named-mark q
~force down-line
insert-string %phrase
; no reason to keep this around.
set-variable %phrase "------------------------------"
~force up-line-at-bol
filter-til end-of-file %cmd
goto-named-mark q
down-line
~force delete-til search-forward "^--*BEGIN PGP SIGNED MESSAGE"
; gpg converts end of line to \r\n, which I find annoying... strip
; them.
~force substitute-til goto-line "\r$" ""
~endm


--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
Re: your mail
On Fri, Nov 13, 1998 at 11:24:44AM -0800, brian moore wrote:
> On Wed, Nov 11, 1998 at 11:11:41PM +0300, Michael Sobolev wrote:
> > mss@despair$ gpg --clearsign file.html
> > mss@despair$ gpg --verify file.html.asc
>
> Okay, this seems to be caused by a missing "Hash: " line.
Sorry, I did not quite catch. Do you mean that by default gpg uses one hash
algorithm while signing, and another while verifying? That would be strange...

--
Mike
Re: your mail
Michael Sobolev <mss@despair.transas.com> writes:

> Sorry, I did not quite catch. Do you mean that by default gpg uses one hash
> algorithm while signing, and another while verifying? That would be strange...

Yes, in some cases. Remember that GnuPG is able to work as a filter,
so it cannot look at the signature at the end of a cleartext signed
message which has the information which Hash algorithm has been used
for the signature. So if there is no "Hash:" line at the beginning of
a cleartext signature, GnuPG should calculate the hash with all
available algorithms and then later when it sees the hash algorithm
used in the signature use this hash to verify the signature.
Calculating the hashes with all algorithms takes a little bit longer
but it works without the "Hash:" line. Consider the "Hash:" line as a
hint which hash algorithm should be used.

Okay, I have to check whether this still works - I think I broke it
some time ago.


Werner
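
The filter-mode approach described in the last message, as an added Python example (not GnuPG's code and not part of the thread): hash the cleartext once with every candidate algorithm unless a "Hash:" hint narrows the set, then select the context named by the signature packet. The function names, the `default` parameter, the restriction to MD5/SHA1 and old-format packet headers, and the constructed sample message are assumptions of this sketch.

```python
import base64
import hashlib

HASH_IDS = {1: "md5", 2: "sha1"}  # OpenPGP hash algorithm IDs -> hashlib names

def sig_hash_id(packet):
    """Hash algorithm ID of a signature packet (old-format header only)."""
    body = packet[{0x88: 2, 0x89: 3}[packet[0]]:]  # skip CTB + 1- or 2-octet length
    return body[16] if body[0] == 3 else body[3]   # v3 layout vs v4 layout

def text_digest(lines, default=None):
    """One pass over a clearsigned message; returns (algo, hexdigest, n_contexts).
    algo is None when the hash named by the signature was never computed."""
    it = iter(lines)
    if next(it).strip() != "-----BEGIN PGP SIGNED MESSAGE-----":
        raise ValueError("not a clearsigned message")
    hint = []
    for line in it:                        # armor headers end at the empty line
        if not line.strip():
            break
        key, _, val = line.partition(":")
        if key.strip() == "Hash":
            hint += [h.strip().lower() for h in val.split(",")]
    # Hint wins; otherwise a single assumed default, or every known algorithm.
    names = hint or ([default] if default else list(HASH_IDS.values()))
    ctx = {n: hashlib.new(n) for n in names}
    sep = b""
    for line in it:                        # hash the text as it streams past
        if line.startswith("-----BEGIN PGP SIGNATURE-----"):
            break
        text = line.rstrip(" \t\r\n")      # trailing whitespace is not signed
        text = text[2:] if text.startswith("- ") else text   # undo dash-escaping
        for h in ctx.values():
            h.update(sep + text.encode())
        sep = b"\r\n"                      # canonical line ending, none after last line
    b64 = [l.strip() for l in it if ":" not in l and l.strip()[:1] not in ("", "=", "-")]
    algo = HASH_IDS.get(sig_hash_id(base64.b64decode("".join(b64))))
    # A real verifier would now append the signature trailer before finalising.
    return (algo, ctx[algo].hexdigest(), len(ctx)) if algo in ctx else (None, None, len(ctx))

def constructed_message(hash_id, hint=None):
    """Constructed sample: truncated v4 signature packet (no MPIs), DSA, given hash."""
    pkt = base64.b64encode(bytes([0x88, 4, 4, 0x01, 17, hash_id])).decode()
    head = ["-----BEGIN PGP SIGNED MESSAGE-----"] + ([f"Hash: {hint}"] if hint else [])
    return head + ["", "- -- dash-escaped line", "trailing space  ",
                   "-----BEGIN PGP SIGNATURE-----", "Version: constructed", "", pkt,
                   "-----END PGP SIGNATURE-----"]
```

With `default="md5"` and no hint, a SHA1-signed message yields no usable digest, which is the mismatch discussed earlier in the thread; with no default, both digests are computed and the correct one is selected.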