> There’s an important check missing here: the code verifies that BODY* is
> a valid signature, but it doesn’t check whether what it signs
> corresponds to this narinfo up to but excluding the ‘Signature’ field.

Oh, indeed.

> 5. pass the hash to the signature verification procedure.

Then, it should extract the other hash from the Signature line, compare the hashes, and run the rest of the checks, right?

>> + ("Signature" . ,(lambda (narinfo) >> + (let ((sig (narinfo-signature >> narinfo))) >> + (string-append >> + (number->string (signature-version >> sig)) >> + ";" >> + (signature-key-id sig) >> + ";" >> + (base64-encode >> + ;; XXX: Can we assume UTF-8 here? >> + (string->utf8 >> + (canonical-sexp->string >> + (signature-body sig)))))))))

> It’s important to keep the original signatures intact.

Not sure I follow. Can I simply use ("Signature" . ,narinfo-signature)?

> To fix this, the <narinfo> record must include an additional field to
> contain the original narinfo string.

Please elaborate. Which string are you talking about?
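
Review bot: In the "Signature" serializer, the field is rebuilt from (signature-version sig), (signature-key-id sig) and a re-encoded (signature-body sig), so the output matches the signed original only if canonical-sexp->string and the UTF-8 assumption flagged by the XXX comment reproduce it byte for byte. Suggest keeping the Signature field text as it was read and emitting that unchanged, and resolving the XXX before this goes in.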
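
The check discussed in this message, as an added example that is not part of the original post or of Guix's code: a simplified Python model in which a narinfo that reuses a valid Signature field over altered fields passes a signature-only check but fails once the signed hash is compared with the hash of the original text preceding the Signature field. The HMAC stand-in for the public-key signature, the field values, and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

DEMO_KEY = b"constructed-demo-key"  # assumption: stands in for the signing key pair


def sign(digest: bytes) -> bytes:
    # Stand-in for a public-key signature over the digest.
    return hmac.new(DEMO_KEY, digest, hashlib.sha256).digest()


def make_narinfo(fields: str) -> str:
    # Sign the hash of everything that precedes the Signature field.
    digest = hashlib.sha256(fields.encode("utf-8")).digest()
    body = base64.b64encode(digest + sign(digest)).decode("ascii")
    return f"{fields}Signature: 1;demo-key;{body}\n"


def split_narinfo(text: str):
    # Work on the original text: re-serializing parsed fields could change bytes.
    idx = text.index("\nSignature: ") + 1
    version, key_id, body = text[idx:].strip().split(": ", 1)[1].split(";", 2)
    raw = base64.b64decode(body)
    return text[:idx], raw[:32], raw[32:]  # signed prefix, claimed digest, signature


def verify_signature_only(text: str) -> bool:
    # The incomplete check: the signature is valid for *some* digest.
    _, claimed, sig = split_narinfo(text)
    return hmac.compare_digest(sign(claimed), sig)


def verify_narinfo(text: str) -> bool:
    # The complete check: the signed digest must also match this narinfo.
    prefix, claimed, sig = split_narinfo(text)
    actual = hashlib.sha256(prefix.encode("utf-8")).digest()
    return hmac.compare_digest(actual, claimed) and hmac.compare_digest(sign(claimed), sig)


# Constructed sample input (not a real narinfo).
GENUINE = make_narinfo(
    "StorePath: /gnu/store/placeholder-hello-1.0\n"
    "URL: nar/placeholder-hello-1.0\n"
    "NarHash: sha256:placeholder\n"
)
# Same Signature field, different URL: the signature itself is still valid.
ALTERED = GENUINE.replace("URL: nar/placeholder-hello-1.0", "URL: nar/placeholder-other-2.0")
```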