Signing text messages...
My public key, for those wanting to check the sig on the message below:
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNED MESSAGE-----
Phil Karn asks about end-of-line conventions for signed text messages.
PGP uses the convention of lines terminated by carriage-return-line-feed.
On Unix systems or other systems which don't use that convention,
it attempts to change the message into this "canonical" text mode
before calculating or checking the signature.

The issue of trailing blanks is more problematical. Some mail gateways
and some mail "user agent" software apparently take liberties with
blanks at the end of lines. The PGP canonical text format does not
include any specification for whether lines could or could not have
blanks at the end. If mailers will leave trailing blanks alone, then
PGP cleartext signed messages will have correct signatures. If some
intervening mailer has added or removed trailing blanks, then the
signatures will be wrong. Presumably something like this has happened
to my signed message on which Edgar found a bad signature. Perhaps
Edgar could try stripping any trailing blanks from his copy of my
message and see if it then signature-checks OK. I'll double-check
that this message is signed with no trailing blanks. Then if you get
a bad signature, I predict that you must have trailing blanks in your
copy of the file. I'd appreciate hearing whether this prediction is

It would be possible to change PGP's canonical text format
to specify that lines have no blanks at the end. In that case, PGP
would, whenever it computed or checked a signature on a text file,
process the file to make sure that each line ended with a CRLF preceded
by no trailing blanks. I think this would solve a lot of the gateway
problems. But it would be a somewhat more "aggressive" change to what
the user is asking PGP to sign.

The design of PGP's cleartext signature was influenced by PEM, which
also uses a canonical text format for line terminators, but doesn't
deal with trailing spaces, as far as I know.

The real solution, IMO, is to fix those broken mailers that add
or remove spaces. I don't see why this behavior has ever been put
into mail gateways.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
CYPHERPUNKS >INTERNET:[email protected]
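The two canonical text formats compared in the message above, as an added illustration (not part of the original message and not PGP's own code). The function names and sample texts are constructed for this example, and SHA-256 stands in for the hash that the signature would cover.

```python
import hashlib
import re

# Matches any of the three common line terminators (CRLF tried first).
_EOL = re.compile(r"\r\n|\r|\n")

def canon_crlf(text: str) -> bytes:
    """Current format described in the message: only line endings become CRLF."""
    return "\r\n".join(_EOL.split(text)).encode("utf-8")

def canon_crlf_strip(text: str) -> bytes:
    """Stricter format discussed in the message: CRLF preceded by no blanks."""
    lines = (line.rstrip(" \t") for line in _EOL.split(text))
    return "\r\n".join(lines).encode("utf-8")

def digest(canon, text: str) -> str:
    # Assumption: SHA-256 is a stand-in for the signature's hash function.
    return hashlib.sha256(canon(text)).hexdigest()

def compare(sent: str, received: str):
    """Return (loose_ok, strict_ok): does the digest match under each format?"""
    loose = digest(canon_crlf, sent) == digest(canon_crlf, received)
    strict = digest(canon_crlf_strip, sent) == digest(canon_crlf_strip, received)
    return loose, strict

# Constructed samples: what the signer hashed, and two copies as delivered.
SENT = "line one\nline two\n"                  # Unix line endings, no trailing blanks
RECEIVED_CRLF = "line one\r\nline two\r\n"     # only the line terminator changed
RECEIVED_PADDED = "line one  \r\nline two\t\r\n"  # a gateway added trailing blanks

# The cost of the stricter format: text signed with deliberate trailing blanks
# and the same text without them become indistinguishable to the signature.
INTENTIONAL = "two trailing spaces follow  \n"
PLAIN = "two trailing spaces follow\n"

if __name__ == "__main__":
    print("terminator change only:", compare(SENT, RECEIVED_CRLF))
    print("trailing blanks added :", compare(SENT, RECEIVED_PADDED))
    print("intentional blanks    :", compare(INTENTIONAL, PLAIN))
```
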