On Jan 28, 2009, at 6:05 AM, Peter Thomas wrote:
Hi.
I've just made some tests. And it showed that anybody can change the
paket header from old to new for any key (even without the secret
key).
Of course I've expected this, but is this the case for all signature
types, that gnupg doesn't include the paket header in the signing but
just the body?
That is correct. The packet header is not relevant to the contents.
You can change the packet header from old style to new style, or
change the length representation at will.
David
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
