On Aug 12, 2011, at 3:27 PM, brian m. carlson wrote:
I have a quality-of-implementation question (more in general than
specifically about GnuPG). I am writing an implementation of OpenPGP
that verifies signatures, among other things.
Signatures contain the left two bytes of the hash as a quick check.
I've noticed that a small number of signatures are in fact valid even
though this quick check does not match the hash. Is it considered
acceptable to fix up this value if it is wrong? If not, is it
acceptable to treat two signatures as the same signature if they are
identical but for the left two? Does GnuPG (or any other
implementation) actually give any credence to the left two whatsoever?
I can't speak for other implementations, but GnuPG does not look at the left
two at all, and jumps right into checking the whole signature. It *generates*
the quick check bytes, of course, as that is mandated by the standard, but it
does not look at them itself.
I think that behavior is fine - the real check is the signature itself.
If there's an OpenPGP implementers' list or another, more appropriate
forum, please feel free to point me in that direction. I couldn't find
one, so I posted here.
You might also try the ietf-openpgp list: http://www.imc.org/ietf-openpgp/
David
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
