And http://lists.gnu.org/archive/html/grub-devel/2016-04/msg00040.html
On Wed, Apr 20, 2016 at 11:11 AM, Andrei Borzenkov <[email protected]> wrote:
> http://lists.gnu.org/archive/html/grub-devel/2016-03/msg00294.html
>
> On Wed, Apr 20, 2016 at 4:59 AM, Charles Duffy <[email protected]> wrote:
>> Howdy --
>>
>> When trying to validate a signature produced by the Go standard-library
>> OpenPGP implementation, I get the following:
>>
>> grub> verify_detached /test /test.sig
>> error: public key 00000000 not found.
>>
>> GnuPG verifies this same signature successfully. On investigation, there
>> appear to be two differences, and I haven't yet narrowed down which one is
>> relevant. Comparing the output of pgpdump between a working signature and a
>> broken one:
>>
>> ## This works in GnuPG but not GRUB2's verify
>> New: Signature Packet(tag 2)(284 bytes)
>>     Ver 4 - new
>>     Sig type - Signature of a binary document(0x00).
>>     Pub alg - RSA Encrypt or Sign(pub 1)
>>     Hash alg - SHA256(hash 8)
>>     Hashed Sub: signature creation time(sub 2)(4 bytes)
>>         Time - Tue Apr 19 20:01:19 CDT 2016
>>     Hashed Sub: issuer key ID(sub 16)(8 bytes)
>>         Key ID - 0x18C4A5DFD888B456
>>     Hash left 2 bytes - e8 64
>>     RSA m^d mod n(2048 bits) - ...
>>         -> PKCS-1
>>
>> ## This works in both
>> Old: Signature Packet(tag 2)(284 bytes)
>>     Ver 4 - new
>>     Sig type - Signature of a binary document(0x00).
>>     Pub alg - RSA Encrypt or Sign(pub 1)
>>     Hash alg - SHA1(hash 2)
>>     Hashed Sub: signature creation time(sub 2)(4 bytes)
>>         Time - Tue Apr 19 20:43:04 CDT 2016
>>     Sub: issuer key ID(sub 16)(8 bytes)
>>         Key ID - 0xD452F94A220096E4
>>     Hash left 2 bytes - 43 69
>>     RSA m^d mod n(2046 bits) - ...
>>         -> PKCS-1
>>
>> The visible differences here (other than the hash algorithm, for which both
>> are known to be supported) are whether the key id subpacket is hashed, and
>> whether the 0x40 CTB flag is set.
>>
>> Is there any upstream knowledge here, so I don't go chasing down false
>> paths?
>>
>> _______________________________________________
>> Grub-devel mailing list
>> [email protected]
>> https://lists.gnu.org/mailman/listinfo/grub-devel
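
The two differences named in the thread (issuer key ID subpacket in the hashed or the unhashed area, and the 0x40 CTB flag) can be read straight from the signature packet bytes. The following is an added example, not code from the thread, GRUB or Go: a minimal RFC 4880 version 4 signature packet reader whose function names are hypothetical, run on two constructed packets that reuse the key IDs and hash algorithm numbers from the pgpdump output above.

```python
import struct

def subpackets(area):
    """Yield (type, body) for each subpacket in a v4 subpacket area."""
    i = 0
    while i < len(area):
        n = area[i]
        i += 1
        if 192 <= n < 255:                       # two-octet length
            n = ((n - 192) << 8) + area[i] + 192
            i += 1
        elif n == 255:                           # five-octet length
            n = struct.unpack(">I", area[i:i + 4])[0]
            i += 4
        if n == 0 or i + n > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + n]  # mask off the critical bit
        i += n

def issuer(area):  # hex key ID from the issuer subpacket (type 16), or None
    return next((b.hex().upper() for t, b in subpackets(area) if t == 16), None)

def describe_signature(pkt):
    """Report the CTB format and which area carries the issuer key ID."""
    ctb, new = pkt[0], bool(pkt[0] & 0x40)       # 0x40 = new-format CTB flag
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if (new and 224 <= pkt[1] < 255) or (not new and ctb & 3 == 3):
        raise ValueError("partial/indeterminate length not handled")
    if new:
        tag = ctb & 0x3F
        hdr = 2 if pkt[1] < 192 else 3 if pkt[1] < 224 else 6
    else:
        tag = (ctb >> 2) & 0x0F
        hdr = 1 + (1, 2, 4)[ctb & 3]
    body = pkt[hdr:]
    if tag != 2 or body[0] != 4:
        raise ValueError("expected a version 4 signature packet")
    hlen = struct.unpack(">H", body[4:6])[0]
    ulen = struct.unpack(">H", body[6 + hlen:8 + hlen])[0]
    return {"new_format": new, "hash_alg": body[3],
            "issuer_hashed": issuer(body[6:6 + hlen]),
            "issuer_unhashed": issuer(body[8 + hlen:8 + hlen + ulen])}

# Constructed packets (dummy 8-bit MPI, will not verify) mirroring the two dumps.
NEW_HASHED = bytes.fromhex("c21d 04000108 0010 05025716d4df"
                           "091018c4a5dfd888b456 0000 e864 0008ff")
OLD_UNHASHED = bytes.fromhex("881d 04000102 0006 05025716dea8 000a"
                             "0910d452f94a220096e4 4369 0008ff")
```

Running `describe_signature` on a real detached signature file (binary, not ASCII-armored) shows which of the two layouts a given signer emits.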
