Clearsigned text / OpenPGP interop

Rachel Willmer rwillmer at gmail.com
Mon Dec 10 13:50:11 CET 2007


Hi

I wonder if someone could point me in the right direction.

I'm using GPG to generate a clearsigned text message (V4 sig, SHA1
hash) which I'd like to validate using OpenPGP::SDK. The test is
currently failing, and I'm a bit confused about what GPG is actually
hashing.

In the GPG function hash_sigversion_to_magic(), it's hashing the
signature sub-packet as I'd expect, but then at the end of the
function, there's this:

<code>
        /* add some magic */
        buf[0] = sig->version;
        buf[1] = 0xff;
        buf[2] = n >> 24; /* hmmm, n is only 16 bit, so this is always 0 */
        buf[3] = n >> 16;
        buf[4] = n >>  8;
        buf[5] = n;
        md_write (md, buf, 6);
</code>

I can't figure how this matches up to the OpenPGP spec.

So if anyone can help with the following questions, I'd appreciate it:

a) Am I just missing something obvious in the RFC? If so, please point me at it!

b) Or, do I need to do something special to make gpg generate
OpenPGP-compliant packets? (I'm using --openpgp but is there something
else?)

c) or is gpg just not intended to be openpgp-compliant for V4 sigs?

thanks for any light you can shed,
Rachel



More information about the Gnupg-devel mailing list