cleartext signature: digest determination

David Shaw dshaw at jabberwocky.com
Wed Jun 19 15:07:39 CEST 2013


On Jun 19, 2013, at 8:19 AM, Hauke Laging <mailinglisten at hauke-laging.de> wrote:

> Hello,
> 
> in RfC4880 I read this:
> 
> https://tools.ietf.org/html/rfc4880#section-7
> 
> «If the "Hash" Armor Header is given, the specified message digest    
> algorithm(s) are used for the signature.  If there are no such headers, MD5 is 
> used.»
> 
> That doesn't make sense to me. I checked a cleartext signature with 
> gpg --list-packets and got this:
> 
> :signature packet: algo 1, keyid 4CB66C1B33FB59FC
>        version 4, created 1364174035, md5len 0, sigclass 0x01
>        digest algo 2, begin of digest a1 0d
>        hashed subpkt 2 len 4 (sig created 2013-03-25)
>        subpkt 16 len 8 (issuer key ID 4CB66C1B33FB59FC)
>        data: [4093 bits]
> 
> This looks like a normal signature packet to me, and it does contain the used 
> digest algo. So why should it be necessary to write the used digest into the 
> cleartext part? Is that a compatibility issue with older OpenPGP versions? 
> Usually that is mentioned but not in the text I quoted.

It's an ordering issue.  Cleartext signatures are designed to be able to be read in a single pass - thus the need for the Hash header at the beginning of the document, so the receiving program doesn't have to read to the end, find out what hash is in use, then jump back to the beginning to actually hash the document.

David




More information about the Gnupg-users mailing list