[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP hole



> The bug seems to be present in all versions (even the ViaCrypt versions
> have this problem). It has been reported as a bug to the MIT pgp-keepers.

The "bug" looks like a deliberate design decision to me.  Everything from
the "--- BEGIN PGP" line to the first blank line is ignored, and is not
considered part of the signed message.  There's a comment in the source
code (file armor.c in the versions I checked), saying "Skip header after
BEGIN line". 

--apb (Alan Barrett)