checking multiple signatures of different types (or different digests)

David Shaw dshaw at jabberwocky.com
Mon Jan 14 02:37:08 CET 2013


On Jan 13, 2013, at 2:16 AM, John Clizbe <JPClizbe at tx.rr.com> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1,SHA256
> 
> Daniel Kahn Gillmor wrote:
> 
> 
> Funny... as in odd. I do that very thing ALL the time. And it verifies just
> fine. See
> http://tech.groups.yahoo.com/group/PGP-Basics/message/34730 for an example.
> 
>> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1,SHA256

This is why it works for you.  You have a clearsigned message with multiple hashes and multiple signatures, which is a defined part of the spec.  I'm not completely sure what Russ Allbery's code is doing, but I suspect it's multiple detached sigs in a single file.

i.e.:

  cat thefile | gpg -u key1 --armor --detach-sign > my-sigs.asc
  cat thefile | gpg -u key2 --armor --detach-sign >> my-sigs.asc

(Where key1 and key2 use different hashes)

There is history to this, but the brief version is that this was never supported, and in fact GPG tells you it isn't supported ("gpg: WARNING: multiple signatures detected.  Only the first will be checked.").  I added the warning message way back in 2002/2003.  It only allows this if both sigs are of the same class (i.e. both binary or both textmode) and the same hash.

Now, none of this means it couldn't be added.  We'd need to run multiple hash contexts, with one for each signature, and given how the file-of-sigs is currently processed that's not exactly trivial.  Given that until now, nobody noticed the lack since 2003, I'm not sure that it's a common problem.

David




More information about the Gnupg-devel mailing list