pgp 8.3 invalid armor header

[Maxine Brandt]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

John Courie wrote:

| I have someone new to this who generated a 4096 key ( I told him 
that
| was into the realm of tinfoil but he's a nooB and is excited about 
it) I
| can verify the key because I physically saw it generated and handed 
to
| me.  Now when I go to import it into my keyring the error message is
| invalid armor header.  So I thought about it a while and opened the 
asc
| in vi and deleted the second line of the header which just said
| "www.pgp.com" on it and tried again and the key imported without 
errors.

This is a problem with the PGP 8.x freeware "Version" line. The line 
is 65 characters and armored blocks are wrapped at 64, so this line 
often causes problems.

|  With that in mind, my question is, isin't it a security violation 
to
| alter an armor header?  I thought that messing with the header would
| break the key but it didn't, is there a danger of this contributing 
to a
| spoof of cleartext signing?

It seems that one can change the line in clear-signing or keyblocks, 
but I once had an "invalid armored header" on an encrypted message in 
which the sender had changed the version line. PGP decrypted the 
message OK, but not GnuPG.

Salut,
Maxine


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: My OpenPGP keys are at http://www.torduninja.tk

iD8DBQE/2gksKBY/R6nbCcARAgrjAJ9dEdvds+Y1J9XR+kVMJoZgGJXQkgCfenz2
mm0udIOslnzaFxaYKOSP5Bw=
=nnY1
-----END PGP SIGNATURE-----