[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Signing text messages...



My public key, for those wanting to check the sig on the message below:

-----BEGIN PGP PUBLIC KEY BLOCK-----
mQCNAiqsNkwAAAEEAMKWM52m5EWi0ocK4u1cC2PPyHT6tavk9PC3TB5XBYDegf3d
sldRpnjJj1r+aO08FFO+QLEI9wtBqvf1PPP5iLX7sD2uIVlJH14MPtyVtjm9ZKb8
JMtCW74045BgtHBC9yQ3V7vXNV5jM6dE2ocnH4AI/pBFrGLJPKgTA69YIUw3AAUR
tCZIYWwgRmlubmV5IDw3NDA3Ni4xMDQxQGNvbXB1c2VydmUuY29tPokAlQIFECqu
M1Tidd4O/2f3CwEByrUD/3uoV2y+Fuicrrd2oDawgOw9Ejcx6E+Ty9PVPqKvflLs
0zYyGfeFVSgBbTSDP3X91N3F68nydl9J9VA6QRCGelHM1cZRukCJ0AYbKYfpwUN0
xjEGHsDrd2gT5iWlB3vBZvi+6Ybs4rSq+gyZzVm1/+oRrMen32fz2r0CLgUtHok2
=fF6Z
-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNED MESSAGE-----

Phil Karn asks about end-of-line conventions for signed text messages.
PGP uses the convention of lines terminated by carriage-return-line-feed.
On Unix systems or other systems which don't use that convention,
it attempts to change the message into this "canonical" text mode
before calculating or checking the signature.

The issue of trailing blanks is more problematical.  Some mail gateways
and some mail "user agent" software apparently take liberties with
blanks at the end of lines.  The PGP canonical text format does not
include any specification for whether lines could or could not have
blanks at the end.  If mailers will leave trailing blanks alone, then
PGP cleartext signed messages will have correct signatures.  If some
intervening mailer has added or removed trailing blanks, then the
signatures will be wrong.  Presumably something like this has happened
to my signed message on which Edgar found a bad signature.  Perhaps
Edgar could try stripping any trailing blanks from his copy of my
message and see if it then signature-checks OK.  I'll double-check
that this message is signed with no trailing blanks.  Then if you get
a bad signature, I predict that you must have trailing blanks in your
copy of the file.  I'd appreciate hearing whether this prediction is
correct.

It would be possible to change PGP's canonical text format
to specify that lines have no blanks at the end.  In that case, PGP
would, whenever it computed or checked a signature on a text file,
process the file to make sure that each line ended with a CRLF preceded
by no trailing blanks.  I think this would solve a lot of the gateway
problems.  But it would be a somewhat more "aggressive" change to what
the user is asking PGP to sign.

The design of PGP's cleartext signature was influenced by PEM, which
also uses a canonical text format for line terminators, but doesn't
deal with trailing spaces, as far as I know.

The real solution, IMO, is to fix those broken mailers that add
or remove spaces.  I don't see why this behavior has ever been put
into mail gateways.

Hal Finney
[email protected]

-----BEGIN PGP SIGNATURE-----
Version: 2.1

iQCVAgUBKzfNHqgTA69YIUw3AQGNdwP/Q51Lvmee1cTb865aInePsRxMTe4qfjeU
DSP8o5hHlBKbII8mCrU/WHZ7upjO3ak4E6wZDyOexsfJFH4FIMnDueihrVVXevlA
FWUQopZIyG4P5Wzofgra8BSjw5WzVZncW2alPQFuB40D9N9VgyopX8IktktVPs4p
qDkHsn9zIpU=
=K/Ui
-----END PGP SIGNATURE-----


Distribution:
  CYPHERPUNKS >INTERNET:[email protected]