On Mon, Apr 02, 2007 at 11:24:45AM +0200, Werner Koch wrote:
> On Mon, 2 Apr 2007 09:40, [EMAIL PROTECTED] said:
> >>> I can provide some more details on this. GnuPG 1.4.7 returns with this
> >>> error message "gpg: can't handle this ambiguous signature data".
>
> Well, PGP is broken:
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Universal 2.5.3
>
> qANQR1DEDQMBAhH9zteyosL+MwHCPwMFAUYL2iX9zteyosL+MxECC8QAnRhWP2Sx
> Ex7VcRL+wBVB2C7lksYAAKCYHvRP7E8vA5jKNgigU0o4kbFn4w==
> =lOCI
> -----END PGP SIGNATURE-----
>
> This should be a detached signature, but

http://www.mailscanner.info/files/4/tar/MailScanner-install-4.58.9-1.tar.gz.sig
seems to have the same problem:

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.5.3 (Build 5003)

qANQR1DEDQMAAhER9llHFBW2VAHCPwMFAEXCAV0R9llHFBW2VBECL1sAoK20XoXM
yfp8cdno1BQa81FA7xiFAJ4vY6UUI9dlHY8TjDyKuz+VenV94g==
=57gK
-----END PGP SIGNATURE-----

> $ gpg --list-packets -v x.sig
> gpg: armor header: Version: PGP Universal 2.5.3
> :marker packet:
>  50 47 50
> :onepass_sig packet: keyid FDCED7B2A2C2FE33
>         version 3, sigclass 01, digest 2, pubkey 17, last=1
> :signature packet: algo 17, keyid FDCED7B2A2C2FE33
>         version 3, created 1175181861, md5len 5, sigclass 0x01
>         digest algo 2, begin of digest 0b c4
>         data: [157 bits]
>         data: [160 bits]

pgpdump adds packet sizes, which are useful (below):

  %pgpdump MailScanner-install-4.58.9-1.tar.gz.sig
  Old: Marker Packet(tag 10)(3 bytes)
          String - ...
  New: One-Pass Signature Packet(tag 4)(13 bytes)
          New version(3)
          Sig type - Signature of a binary document(0x00).
          Hash alg - SHA1(hash 2)
          Pub alg - DSA Digital Signature Algorithm(pub 17)
          Key ID - 0x11F659471415B654
          Next packet - other than one pass signature
  New: Signature Packet(tag 2)(63 bytes)
          Ver 3 - old
          Hash material(5 bytes):
                  Sig type - Signature of a binary document(0x00).
                  Creation time - Thu Feb 1 10:03:57 EST 2007
          Key ID - 0x11F659471415B654
          Pub alg - DSA Digital Signature Algorithm(pub 17)
          Hash alg - SHA1(hash 2)
          Hash left 2 bytes - 2f 5b
          DSA r(160 bits) - ...
          DSA s(158 bits) - ...
                  -> hash(160 bits)

> So what we have is an ascii armor with a marker packet (that is okay),
> followed by a one-pass signature packet directly followed by the
> signature packet. Between the one-pass signature packet and the
> signature packet, a literal data packet is expected.

Fortunately, these semi-detached signature(s) can still be used:

  %gpg --dearmor < MailScanner-install-4.58.9-1.tar.gz.sig | tail -c 65 > MailScanner-install-4.58.9-1.tar.gz.sign
  % gpg ... *.sign
  [snip]
  [GNUPG:] VALIDSIG EE81D7633DB00BFDE1DC722211F659471415B654 2007-02-01 1170342237 0 3 0 17 2 00 EE81D7633DB00BFDE1DC722211F659471415B654

(Julian <[EMAIL PROTECTED]> BCC'd)

--
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
[EMAIL PROTECTED] _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004
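
The `tail -c 65` step above works because the signature packet is the last 65 bytes (2-byte header plus 63-byte body) of the dearmored file. As an added example, not part of the original message or of GnuPG, the Python below finds that packet by walking the OpenPGP packet headers instead of hard-coding the size, and refuses any stream that is not marker / one-pass / signature. The function names are this example's own; ARMOR_BODY is the armor body quoted in the message.

```python
import base64

# Armor body of the .sig quoted above (Version header and "=57gK" CRC line left out).
ARMOR_BODY = ("qANQR1DEDQMAAhER9llHFBW2VAHCPwMFAEXCAV0R9llHFBW2VBECL1sAoK20XoXM"
              "yfp8cdno1BQa81FA7xiFAJ4vY6UUI9dlHY8TjDyKuz+VenV94g==")
TAG_SIGNATURE, TAG_ONEPASS, TAG_MARKER = 2, 4, 10

def parse_packets(data):
    """Walk RFC 4880 packet headers; return [(tag, start, end)], end exclusive."""
    packets, pos = [], 0
    while pos < len(data):
        start, ctb = pos, data[pos]
        if not ctb & 0x80 or pos + 1 >= len(data):
            raise ValueError("bad packet header at offset %d" % pos)
        if ctb & 0x40:                      # new-format header
            tag, first = ctb & 0x3F, data[pos + 1]
            if first < 192:                 # one-octet length
                length, pos = first, pos + 2
            elif first < 224:               # two-octet length
                low = int.from_bytes(data[pos + 2:pos + 3], "big")
                length, pos = ((first - 192) << 8) + low + 192, pos + 3
            elif first == 255:              # five-octet length
                length, pos = int.from_bytes(data[pos + 2:pos + 6], "big"), pos + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            length = int.from_bytes(data[pos + 1:pos + 1 + (1 << ltype)], "big")
            pos += 1 + (1 << ltype)
        if pos + length > len(data):
            raise ValueError("truncated packet at offset %d" % start)
        packets.append((tag, start, pos + length))
        pos += length
    return packets

def extract_detached(data):
    """Return the lone signature packet from a marker / one-pass / signature stream."""
    packets = parse_packets(data)
    tags = [tag for tag, _, _ in packets]
    if tags.count(TAG_SIGNATURE) != 1 or set(tags) - {TAG_MARKER, TAG_ONEPASS, TAG_SIGNATURE}:
        raise ValueError("unexpected packet sequence: %r" % tags)
    _, start, end = packets[tags.index(TAG_SIGNATURE)]
    return data[start:end]

RAW = base64.b64decode(ARMOR_BODY)  # dearmored bytes: marker, one-pass, signature
if __name__ == "__main__":
    print([(tag, end - start) for tag, start, end in parse_packets(RAW)])
    print(len(extract_detached(RAW)), "byte detached signature")
```

The bytes returned by `extract_detached` are what the `tail -c 65` pipeline writes to the `.sign` file; verification against the tarball is still done by gpg.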
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users