SHA-224 problem

David Shaw dshaw at jabberwocky.com
Fri Nov 30 02:05:15 CET 2007


A typo was recently discovered in the new OpenPGP RFC.  While an
errata document will be issued to take care of the RFC, there is some
impact to GPG as well.  The typo was in the encoded ASN.1 OID for
SHA-224: a number that forms part of the signature when the hash is
used with an RSA key.

I've committed a fix for this for 1.4.8, so that new RSA + SHA-224
signatures use the right constants.  I've also added some
bug-compatibility code so that 1.4.8 (and later) will be able to
verify the old, incorrect signatures.

What this means:

* If you make an RSA + SHA-224 signature with 1.4.8 or later, earlier
  versions will not be able to verify it.

* Existing RSA + SHA-224 signatures that were made with 1.4.7 or
  earlier will still be verifiable with 1.4.8 or later.

Remember that this only applies to an RSA signature made with the
SHA-224 hash.  There is no problem with any DSA signatures (whether
they use SHA-224 or not), or RSA signatures with any other hash.

Also note that this does not make the signature insecure or unsafe in
any way.  This is strictly a compatibility issue.

David
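
The post says the problem is the ASN.1 DigestInfo prefix that PKCS#1 v1.5 puts in front of the digest in an RSA signature, and that 1.4.8 carries bug-compatibility code so it can still verify signatures made with the wrong prefix. The following is an added example, not GnuPG code or anything from the post: it derives the SHA-224 prefix by DER-encoding the id-sha224 OID (2.16.840.1.101.3.4.2.4), builds the PKCS#1 v1.5 encoded message, and shows how a verifier with a list of accepted prefixes keeps old signatures verifiable while a strict verifier rejects them. The "legacy" prefix is my own reconstruction (the correct encoding with its outer SEQUENCE length byte changed to 0x31, which is what I recall the RFC errata corrected); treat that byte, the labels and the message as assumptions. Only the encoding layer is modelled; the RSA modular step is left out.

```python
import hashlib
import hmac

# Constructed example (not GnuPG code): DER-encode a DigestInfo prefix, build a
# PKCS#1 v1.5 encoded message, and verify it against one or several accepted
# prefixes, which is the shape of a "bug-compatible" verifier.

SHA224_OID = "2.16.840.1.101.3.4.2.4"  # id-sha224 from the NIST hash algorithm arc


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_oid(dotted: str) -> bytes:
    """Encode a dotted OID as a DER OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        # base-128 groups, most significant first, continuation bit on all but the last
        groups = [arc & 0x7F]
        arc >>= 7
        while arc:
            groups.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(groups))
    return b"\x06" + _der_length(len(body)) + bytes(body)


def digest_info_prefix(oid: str, digest_len: int) -> bytes:
    """DigestInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING }, digest omitted.

    The outer SEQUENCE length counts the digest that will follow, so the
    caller appends the raw digest directly after this prefix.
    """
    alg_id = _der_oid(oid) + b"\x05\x00"                 # OID + NULL parameters
    alg_id = b"\x30" + _der_length(len(alg_id)) + alg_id
    octet_hdr = b"\x04" + _der_length(digest_len)
    inner = alg_id + octet_hdr
    return b"\x30" + _der_length(len(inner) + digest_len) + inner


SHA224_PREFIX = digest_info_prefix(SHA224_OID, 28)

# ASSUMPTION: the legacy (wrong) prefix is reconstructed as the correct one with
# the outer SEQUENCE length byte set to 0x31; it is not a value quoted from the post.
LEGACY_SHA224_PREFIX = SHA224_PREFIX[:1] + b"\x31" + SHA224_PREFIX[2:]


def emsa_pkcs1_v15_encode(prefix: bytes, digest: bytes, em_len: int) -> bytes:
    """EM = 0x00 0x01 || PS (0xff...) || 0x00 || DigestInfo, padded to em_len bytes."""
    t = prefix + digest
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t


def verify_encoded_message(em: bytes, digest: bytes, accepted_prefixes):
    """Return the label of the first accepted prefix that reproduces em, else None.

    A strict verifier passes a single entry; a bug-compatible verifier adds the
    legacy encoding so signatures made with the old constant still verify.
    """
    for label, prefix in accepted_prefixes:
        if hmac.compare_digest(em, emsa_pkcs1_v15_encode(prefix, digest, len(em))):
            return label
    return None


STRICT = [("corrected", SHA224_PREFIX)]
BUG_COMPAT = STRICT + [("legacy-typo", LEGACY_SHA224_PREFIX)]


def demo(message: bytes = b"constructed sample message", em_len: int = 128) -> dict:
    """Encode one SHA-224 digest both ways and check each against both verifiers."""
    digest = hashlib.sha224(message).digest()
    new_em = emsa_pkcs1_v15_encode(SHA224_PREFIX, digest, em_len)
    old_em = emsa_pkcs1_v15_encode(LEGACY_SHA224_PREFIX, digest, em_len)
    return {
        "new_sig_strict": verify_encoded_message(new_em, digest, STRICT),
        "old_sig_strict": verify_encoded_message(old_em, digest, STRICT),
        "old_sig_compat": verify_encoded_message(old_em, digest, BUG_COMPAT),
    }


if __name__ == "__main__":
    print(SHA224_PREFIX.hex())
    print(demo())
```

The result mirrors the two bullets in the post: a signature built with the corrected prefix fails against a verifier that only knows the old constant, while a verifier whose accepted list includes both encodings still accepts the old signatures. Accepting an extra fixed prefix does not weaken the signature; the digest itself is still required to match in full.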



More information about the Gnupg-users mailing list