GPG and PGP5

brian moore bem at cmc.net
Sat Oct 17 23:44:02 CEST 1998 

On Sat, Oct 17, 1998 at 08:41:58PM -0700, brian moore wrote:
> What's that option?  I guessed --rfc1991, but that's not it.

>From looking at the code, it seems no option is for just signing.

But lookie:

[thorin:~] 10:33:47pm 308 % gnupg-0.4.1/g10/gpg -s -a -b --force-v3
testc
gpg (GNUPG) 0.4.1; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

gpg: Warning: using insecure memory!

You need a passphrase to unlock the secret key for
user: "brian moore <bem at cmc.net>"
(1024-bit DSA key, ID 88322B51, created 1998-10-17)

File 'testc.asc' exists. Overwrite (y/N)? y
[thorin:~] 10:33:57pm 309 % gpg --list-packets testc.asc
gpg (GNUPG) 0.4.1; Copyright (C) 1998 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.

:signature packet: algo 17, keyid 377FCE2488322B51
        version 3, created 908688837, md5len 5, sigclass 00
        digest algo 2, begin of digest 32 3c
        data: [158 bits]
        data: [160 bits]
[thorin:~] 10:34:03pm 310 % pgpv testc.asc
This signature applies to another message
File to check signature against [testc]: 
Good signature made 1998-10-18 05:33 GMT by key:
  1024 bits, Key ID 88322B51, Created 1998-10-17
   "brian moore <bem at cmc.net>"
   "brian moore <bem at thorin.cmc.net>"
   "brian moore <bem at news.cmc.net>"

The code is rather silly: it's basically the option stuff in g10.c to
allow the 'force-v3' flag, and two changes to sign.c: one in
only_old_style to always return 1 if opt.forcev3 is set, and one in
sign_file if'ing the 'sig->version = sk->version;' at 370 and setting
sig->version to 3 if opt.forcev3 is set.

This is a bit more than my one line change last night, but it's WAY cool
that pgp5 now verifies signatures properly.  I'll clean it my /* XXX */
stuff that I used to flag my changes and send a patch along in a bit.

This should mean that you can send signed-with-gpg files to PGP5 users
and have them not flinch (or segfault, which is what it did for me).

(And, yeah, I know it's not OpenPGP compliant, hence why it probably
should be a --force-misbehavior, but it should be very useful in the
real world. :))

-- 
Brian Moore                       | "The Zen nature of a spammer resembles
      Sysadmin, C/Perl Hacker     |  a cockroach, except that the cockroach
      Usenet Vandal               |  is higher up on the evolutionary chain."
      Netscum, Bane of Elves.                 Peter Olson, Delphi Postmaster

More information about the Gnupg-devel mailing list