On 29/08/14 19:03, Ingo Klöcker wrote:
On Thursday 28 August 2014 22:53:52 TJ wrote:
I've recently been digging deep into the source-code trying to
understand what the differences are between --clearsign and
--detach-sign signatures.

The RFC is probably much easier to read than the source code:
http://tools.ietf.org/html/rfc4880

The RFC was fine but, for me, the code is authoritative especially when
I suspect implementation differences.

I had thought that the message digest hash (in this case SHA512)
should be the same since the input data is the same whichever
signing method is used. This didn't work as I had expected so I have
been digging into the source-code to figure out what is different
between the two signing methods.

In general the message digest hashes will differ. The reason for this is
a different canonicalization of the signed text (provided the detached
signature is a text document signature; if it's a binary document
signature no canonicalization is applied). A main difference is the
stripping of trailing whitespace in the text (which is done for
cleartext signatures but not for text document signatures).

Yes, I worked on that one too, checking that there was no white-space at end
of lines:

egrep '[\t ]$' Release | wc -l
0

I also tried replacing <LF> with <CR><LF> as per 5.2.1. and "Signature of a
canonical text document".

gpg --verify <(echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(sed ':a;N;$!ba;s/\n/\r\n/g' Release)\n$(cat Release.asc.gpg)")
# gpg: Signature made Thu 28 Aug 2014 18:32:06 BST using RSA key ID 3591FB89
# gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>"

gpg --verify <(echo -e "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n$(sed ':a;N;$!ba;s/\n/\r\n/g' Release)\n$(cat Release.Test.detached.gpg)")
# gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89
# gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>"

Looking at the code the signing path is either of:

g10/sign.c::sign_file()
g10/clearsign_file()

For sign_file() text_filter() and md_filter() are added to the input
iobuf filter list.

For clearsign_file() copy_clearsig_text() is called, which in turn uses
len_without_trailing_chars() to copy the line excluding trailing
whitespace from plaintext input to clearsign output.

For verify_signatures() and verify_files() (via verify_one_file()),
armor_filter() is pushed onto the iobuf filter list then
proc_signature_packets() is called, which calls do_proc_packets() which,
during IOBUFCTRL_UNDERFLOW calls radix64_read() which skips whitespace
characters.

This being the case I cannot see any opportunity for the plaintext that
is the subject of the message digest hashing to be different, which
suggests that something else is added to the hashed value when
generating a detached signature.

gpg --verify Release.asc
# gpg: Signature made Thu 28 Aug 2014 18:32:06 BST using RSA key ID 3591FB89
# gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>"

gpg --verify Release.Test.detached.gpg Release
# gpg: Signature made Thu 28 Aug 2014 19:29:37 BST using RSA key ID 3591FB89
# gpg: Good signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>"

gpg --verify Release.asc.gpg Release
# gpg: Signature made Thu 28 Aug 2014 18:32:06 BST using RSA key ID 3591FB89
# gpg: BAD signature from "Test Key (gnupg 1.4.16 Ubuntu 14.04 amd64) <detac...@signature.org>"
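
Added example, not part of the original thread and not GnuPG code: a Python sketch of what RFC 4880 (sections 5.2.1, 5.2.4 and 7.1) says is fed to the hash for a binary detached signature, a text detached signature and a cleartext signature over the same file. The sample file, the timestamp and the single creation-time subpacket are constructed; a real signature's hashed subpacket area will contain whatever the signer put there.

```python
import hashlib
import struct

def canon_binary(data: bytes) -> bytes:
    """Type 0x00 (RFC 4880 5.2.1): the document is hashed as-is."""
    return data

def canon_text(data: bytes) -> bytes:
    """Type 0x01 (5.2.1): line endings become <CR><LF>, nothing else."""
    return data.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")

def canon_cleartext(data: bytes) -> bytes:
    """Cleartext framework (7.1): trailing spaces/tabs are removed, lines
    are joined with <CR><LF>, and the line ending before the
    BEGIN PGP SIGNATURE line is not part of the signed text."""
    lines = data.replace(b"\r\n", b"\n").split(b"\n")
    if lines[-1] == b"":
        lines.pop()
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)

def hash_input(doc: bytes, sig_type: int, hashed_subpackets: bytes,
               pk_algo: int = 1, hash_algo: int = 10) -> bytes:
    """V4 hash input (5.2.4): document, then the signature fields from
    version through hashed subpackets, then 0x04 0xFF and their length.
    Defaults: pk_algo 1 = RSA, hash_algo 10 = SHA512."""
    fields = bytes([4, sig_type, pk_algo, hash_algo])
    fields += struct.pack(">H", len(hashed_subpackets)) + hashed_subpackets
    return doc + fields + b"\x04\xff" + struct.pack(">I", len(fields))

# Constructed inputs: a creation-time subpacket (type 2) with an arbitrary
# timestamp, and a small file with trailing whitespace on one line.
SUBPACKETS = b"\x05\x02" + struct.pack(">I", 1409000000)
SAMPLE = b"Origin: Test\nSuite: trusty \t\nCodename: trusty\n"

def digests(data: bytes, subpackets: bytes = SUBPACKETS) -> dict:
    """SHA512 over the hash input for each of the three signing modes."""
    modes = {
        "binary detached (0x00)": (canon_binary(data), 0x00),
        "text detached (0x01)": (canon_text(data), 0x01),
        "cleartext (0x01)": (canon_cleartext(data), 0x01),
    }
    return {name: hashlib.sha512(hash_input(doc, t, subpackets)).hexdigest()
            for name, (doc, t) in modes.items()}

if __name__ == "__main__":
    for name, digest in digests(SAMPLE).items():
        print(f"{name:24} {digest[:32]}...")
```

Even when the canonicalised document bytes happen to be identical, the signature type octet in the hashed fields differs between 0x00 and 0x01, so the digests still differ.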

