clearsign end-of-file/end-of-line
Okay, I finally tracked down the problem. :)

OpenPGP requires end-of-line to be \r\n (as in DOS and CP/M) when
computing signatures as well as escaping lines that start with a -
by sneaking in a space after them to break quoted signatures from being
parsed. This is done in sign.c in write_dash_escaped.

This function is -only- used for clearsigned stuff. (MIME is basically
detached sigs, with the ugliness of MIME handling the breaks between
body and signature.)

The problem is that: gpg --clearsign test will fail if the file ends
with a blank line. Well, not fail, really: it verifies fine and dandy
with both PGP5 and GPG, but the last blank line is removed. There's
also an ugly side effect that you should have a blank line after your
.signature or it will cram the PGP SIG right next to your .signature and
look ugly.

In short, it was dropping the last \r\n from a file (and since these are
magically converted from \n on input, it would strip the ending \n of a
typical Unix file.)

The fix is to deal with the state machine in write_dash_escaped: if the
file ends with a \r\n[EOF], then state = 2, but the \r\n hasn't been
added to the SIG. I inserted at sign.c, line 513:

    if( state == 2 ) { /* file ended with a new line */
        md_putc(md, '\r');
        md_putc(md, '\n');
        iobuf_put( out, '\n');
    }

Which throws the two characters into the digest (they've already
been output), and then adds a blank line, since the final blank line is
discarded according to OpenPGP (and verified with PGP5 and GPG).

I probably -should- output \r\n instead of \n, but I dislike seeing ^M
all over my screen, and OpenPGP requires the \n to be converted to \r\n
when verifying anyway.

--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
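
The framing described in the post above, as an added example that is not part of the original message and is not GnuPG's code: it builds both the dash-escaped body and the bytes fed to the digest, with and without the final line ending. The names clearsign_frame, struct buf and keep_final_eol are hypothetical, the input is constructed, and only the behaviour the post describes is modelled.

```c
#include <stddef.h>
#include <string.h>

/* Added illustration, not GnuPG source. Fixed-size, NUL-terminated buffer. */
struct buf { char p[256]; size_t n; };

static int put(struct buf *b, const char *s)
{
    size_t l = strlen(s);
    if (b->n + l >= sizeof b->p)
        return -1;                       /* would overflow the buffer */
    memcpy(b->p + b->n, s, l + 1);
    b->n += l;
    return 0;
}

/* in:  NUL-terminated text with Unix "\n" line ends (constructed input).
 * out: cleartext body as written ahead of the signature block.
 * md:  bytes fed to the digest.
 * keep_final_eol: 0 = behaviour reported in the post, 1 = with the posted fix.
 * Returns 0, or -1 if a buffer is too small. */
int clearsign_frame(const char *in, int keep_final_eol,
                    struct buf *out, struct buf *md)
{
    int line_start = 1, pending_eol = 0, rc = 0;

    out->n = md->n = 0;
    out->p[0] = md->p[0] = '\0';
    for (; *in; in++) {
        char c[2] = { *in, '\0' };
        if (line_start) {
            if (pending_eol)             /* previous line end is hashed as CRLF */
                rc |= put(md, "\r\n");
            pending_eol = 0;
            if (*in == '-')              /* dash-escape: output only, never hashed */
                rc |= put(out, "- ");
            line_start = 0;
        }
        if (*in == '\n') {               /* hashing of the line end is deferred */
            rc |= put(out, "\n");
            pending_eol = line_start = 1;
        } else {
            rc |= put(out, c);
            rc |= put(md, c);
        }
    }
    if (pending_eol && keep_final_eol) { /* the post's "state == 2" case */
        rc |= put(md, "\r\n");
        rc |= put(out, "\n");
    }
    return rc ? -1 : 0;
}
```

With keep_final_eol set to 0 the digest input for a file ending in a newline stops at the last visible character, which is the dropped line ending the post reports.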