Mailing List Archive: 1.0.3 fails to verify RSA signature, 1.0.2 is OK

1.0.3 fails to verify RSA signature, 1.0.2 is OK

Sep 30, 2000, 5:13 AM

Post #1 of 6 (1150 views)

ftp://ftp.wu-ftpd.org/pub/wu-ftpd/
wu-ftpd-2.6.1.tar.gz. . . . . . [Jul 1 19:13] 334K
wu-ftpd-2.6.1.tar.gz.asc. . . . [Jul 1 19:13] 1K

The signature verifies using gnupg 1.0.2 and load-extension rsaref.
It does not verify using stock gnupg 1.0.3, with or without rsaref.
--emulate-md-encode-bug makes no difference.

1.0.2 + load-extension rsaref
# ./gpg wu-ftpd-2.6.1.tar.gz.asc
gpg: Warning: using insecure memory!
Detached signature.
Please enter name of data file: wu-ftpd-2.6.1.tar.gz
gpg: Signature made Sun Jul 2 15:18:43 2000 EST using RSAREF key ID 62885875
gpg: Good signature from "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>"
Could not find a valid trust path to the key. Let's see whether we
can assign some missing owner trust values.

No path leading to one of our keys found.

gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
gpg: Fingerprint: B1 9B 35 09 FE 34 98 25 8C CD B8 4F 90 DB 42 82

1.0.3, with or without load-extension rsaref, using the same files and
keyring as 1.0.2.
# gpg wu-ftpd-2.6.1.tar.gz.asc
Detached signature.
Please enter name of data file: wu-ftpd-2.6.1.tar.gz
gpg: Signature made Sun Jul 2 15:18:43 2000 EST using RSA key ID 62885875
gpg: BAD signature from "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>"

Fingerprint, either version.
# gpg --fingerprint wuftpd
pub 1024R/62885875 1999-05-22 WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>
Key fingerprint = B1 9B 35 09 FE 34 98 25 8C CD B8 4F 90 DB 42 82

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Re: 1.0.3 fails to verify RSA signature, 1.0.2 is OK [ In reply to ]

johanw at vulcan

Sep 30, 2000, 5:47 AM

Post #2 of 6 (1152 views)

You, Keith Owens, wrote:

> The signature verifies using gnupg 1.0.2 and load-extension rsaref.
> It does not verify using stock gnupg 1.0.3, with or without rsaref.

Why do you use the rsaref module instead of the normal rsa module, which is
already integrated in gpg 1.0.3?

Maybe this comment from the rsaref.c source applies:

RSAREF is limited in key size and in the coding of the encrypted data.
Everything that passes through RSAREF must be coded in PCKS #1. The
GPG module interface places no such restriction on the module itself,
but fortunately it happens to pass PCKS #1 coded data in. It is
transparently decoded and recoded as necessary.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Re: 1.0.3 fails to verify RSA signature, 1.0.2 is OK [ In reply to ]

Sep 30, 2000, 11:42 AM

Post #3 of 6 (1143 views)

On Sat, 30 Sep 2000 14:47:34 +0200 (MET DST),
Johan Wevers <johanw@vulcan.xs4all.nl> wrote:
>You, Keith Owens, wrote:
>
>> The signature verifies using gnupg 1.0.2 and load-extension rsaref.
>> It does not verify using stock gnupg 1.0.3, with or without rsaref.
>
>Why do you use the rsaref module instead of the normal rsa module, which is
>already integrated in gpg 1.0.3?

I repeat: It does not verify using stock gnupg 1.0.3, with or without
rsaref. I tried 1.0.3 without load-extension rsaref and it still
failed to verify.

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Re: 1.0.3 fails to verify RSA signature, 1.0.2 is OK [ In reply to ]

Oct 2, 2000, 2:53 AM

Post #4 of 6 (1143 views)

On Sun, 1 Oct 2000, Keith Owens wrote:
Hi,

> I repeat: It does not verify using stock gnupg 1.0.3, with or without
> rsaref. I tried 1.0.3 without load-extension rsaref and it still
> failed to verify.

1.0.3 does not use rsaref or any other rsa module - it is silently
ignored. I have no way to test 1.0.2 with the rsaref module - my
test with the rsa moules says that the signature is bad. pgp 2.6.3a
(From Debian) says the same.

Interesting new class wu-ftp bug ;)

Ciao,

Werner

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Re: 1.0.3 fails to verify RSA signature, 1.0.2 is OK [ In reply to ]

Oct 2, 2000, 3:29 AM

Post #5 of 6 (1143 views)

On Mon, 2 Oct 2000 11:53:01 +0200,
Werner Koch <wk@gnupg.org> wrote:
>1.0.3 does not use rsaref or any other rsa module - it is silently
>ignored. I have no way to test 1.0.2 with the rsaref module - my
>test with the rsa moules says that the signature is bad. pgp 2.6.3a
>(From Debian) says the same.
>
>Interesting new class wu-ftp bug ;)

gpg 1.0.2 with rsaref module accepts the signature. PGP version
unix50i1b accepts the signature. pgp-2.6.3i does not. gnupg 1.0.3
does not. A worrying set of results, especially since an earlier
version of gpg worked.

# pgpv wu-ftpd-2.6.1.tar.gz.asc
This signature applies to another message
File to check signature against [wu-ftpd-2.6.1.tar.gz]:
Good signature made 2000-07-02 05:18 GMT by key:
1024 bits, Key ID 62885875, Created 1999-05-22
"WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>"

WARNING: The signing key is not trusted to belong to:
WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>

# pgp-2.6.3i wu-ftpd-2.6.1.tar.gz.asc
Pretty Good Privacy(tm) 2.6.3i - Public-key encryption for the masses.
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 1996-01-18
International version - not for use in the USA. Does not use RSAREF.
Current time: 2000/10/02 10:26 GMT

File has signature. Public key is required to check signature.

File 'wu-ftpd-2..$00' has signature, but with no text.
Please enter filename of material that signature applies to: wu-ftpd-2.6.1.tar.gz
.
WARNING: Bad signature, doesn't match file contents!

Bad signature from user "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>".
Signature made 2000/07/02 05:19 GMT using 1024-bit key, key ID 62885875

WARNING: Because this public key is not certified with a trusted
signature, it is not known with high confidence that this public key
actually belongs to: "WU-FTPD Development Group <wuftpd-members@wu-ftpd.org>".

Signature and text are separate. No output file produced.

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Re: 1.0.3 fails to verify RSA signature, 1.0.2 is OK [ In reply to ]

Oct 2, 2000, 4:34 AM

Post #6 of 6 (1147 views)

On Mon, 2 Oct 2000, Keith Owens wrote:

> gpg 1.0.2 with rsaref module accepts the signature. PGP version
> unix50i1b accepts the signature. pgp-2.6.3i does not. gnupg 1.0.3

I still wonder why gpg-1.0.2 with rsa.c does not accept the sig.

The strange thing I noticed about this signature is:

:signature packet: algo 1, keyid 0ECD082462885875
version 3, created 962515123, md5len 5, sigclass 01
^^
that it uses textmode which is somewhat strange for a detached
signatures. textmode does not has the data asis but translates LF
to CR,LF and strips white spaces - there is no reason to use it for
binary files. There are a couple of workarounds in GnuPG to cope
with all the different behaviour of the different PGP flavours
regarding the textmode.

Ciao,

Werner

--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org