WARNING: signature digest conflict in message ?
David Shaw
dshaw at jabberwocky.com
Thu Sep 25 22:19:00 CEST 2008
On Thu, Sep 25, 2008 at 08:17:25PM +0100, Brian Candler wrote:
> On Thu, Sep 25, 2008 at 04:03:47PM +0200, Matija Nalis wrote:
> > That is indeed very reasonable (I didn't think of big non-seekable
> > stream and was hoping for 2-pass or buffer) and obviously the right
> > way to do it, not to mention conforming to RFC.
> >
> > (although as an alternative it might also sequentially generate all
> > supported hashes as it goes, and then drop the unneeded ones; but
> > this would also be an inexcusable waste of resources)
>
> I wonder if in principle another option would be to take the clearsigned
> message, reformat it as message plus detached signature, and then process
> that. (This could be done in one pass, and then the actual verification
> would be a second pass)

This theoretically could be done, but there are some corner cases due
to end of line handling between the clearsigned format and the
detached format. Basically:

> clearsigned message <-------> message + detached signature

This is possible.

> signed message <------------> message + detached signature

This isn't always possible without the signed message having
particular end of line restrictions.

David
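
The clearsigned to message-plus-detached-signature split discussed in this thread, as an added Python example that is not part of the original messages and is not GnuPG's code. It follows the cleartext signature framework of RFC 4880 section 7: the `Hash:` armor header is read first, dash-escaping is undone, trailing spaces and tabs are dropped, lines are joined with CRLF, and the line ending before the signature armor is excluded, which is where the end-of-line handling comes in. The names `split_clearsigned` and `SAMPLE` are made up here, and the sample input is constructed.

```python
import re

BEGIN_MSG = b"-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = b"-----BEGIN PGP SIGNATURE-----"
END_SIG = b"-----END PGP SIGNATURE-----"

def split_clearsigned(data: bytes):
    """Return (hash names, bytes covered by the signature, armored signature)."""
    lines = re.split(rb"\r?\n", data)            # accept LF or CRLF input
    if lines[0].rstrip() != BEGIN_MSG:
        raise ValueError("not a cleartext-signed message")
    i, hashes = 1, []
    while i < len(lines) and lines[i].strip():   # armor headers run to the empty line
        key, _, value = lines[i].partition(b":")
        if key.strip() != b"Hash":
            raise ValueError("only Hash headers are expected here")
        hashes += [h.strip().decode("ascii").upper() for h in value.split(b",")]
        i += 1
    i += 1                                       # skip the empty separator line
    body = []
    while i < len(lines) and lines[i].rstrip() != BEGIN_SIG:
        line = lines[i][2:] if lines[i].startswith(b"- ") else lines[i]
        body.append(line.rstrip(b" \t"))         # trailing blanks are not signed
        i += 1
    sig = [l.rstrip() for l in lines[i:]]
    if END_SIG not in sig:
        raise ValueError("signature armor missing or truncated")
    sig = sig[: sig.index(END_SIG) + 1]
    # The line ending just before BEGIN PGP SIGNATURE is not part of the text,
    # so the lines are joined with CRLF rather than each being terminated.
    return hashes, b"\r\n".join(body), b"\n".join(sig) + b"\n"

# Constructed sample: LF line endings, trailing blanks, one dash-escaped line.
# The armor body is a placeholder, not a real signature.
SAMPLE = (
    b"-----BEGIN PGP SIGNED MESSAGE-----\n"
    b"Hash: SHA256\n"
    b"\n"
    b"first line   \n"
    b"- -- dashed line\t\n"
    b"last line\n"
    b"-----BEGIN PGP SIGNATURE-----\n"
    b"\n"
    b"PLACEHOLDER\n"
    b"-----END PGP SIGNATURE-----\n"
)

if __name__ == "__main__":
    print(split_clearsigned(SAMPLE))
```

The second element of the result is the byte string a verifier has to hash; it differs from the text as stored in the sample (LF endings, trailing blanks), so writing the raw body to a file unchanged would not give the signed bytes.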