Malformed Signatures?
Reason Number 7 why I knew i wouldn't cozy to PGP 2.6 - After tinkering around, I decided to see what would happen if I implemented PGP 2.6 using my existing 2.3a keyrings. After performimg a "pgp -kc paul" PGP 2.6 declares my signatories: (Malformed or obsolete signature format) and asks if I would like it to: Remove bad signatures (Y/n)? Does this mean what I think it means? - paul just a tad miffed
There was a bug in the old versions of PGP. It was discovered in version 2.2, and was corrected, somewhat in version 2.3. The bug was that the RSA-encoded certificated were actually in the reverse byte-order than they should have been, before they were encoded in the RSA encryption. This was somewhat corrected in 2.3, in that 2.3 could read the new, correct, pkcs_compatible signature, although PGP didn't start outputting this corrected signtature until 2.3a. PGP version 2.6 cannot read the old version. This means that anything that was created with versions before 2.3a cannot be read by version 2.6, and this is what you are seeing when you see "Malformed or obsolete signature format".. It is a signature that was created before 2.3a, and therefore 2.6 does not understand it. FYI: PGP 2.6 has a neat feature... If you recreate a signature in the new format, with a newer timestamp than an old signature, 2.6 will use the newer signature in lieu of the older signature when merging keyrings, so you can replace old signatures. -derek PS: This had to happen eventually.
a "pgp -kc paul" PGP 2.6 declares my signatories: (Malformed or obsolete signature format) and asks if I would like it to: Remove bad signatures (Y/n)? Does this mean what I think it means?
A PGP signature is made like this (I think): 1. Decide what to sign. In the case of a signature on a key, it includes the key and the user-ID to which the signature will attest, the date, and some other stuff. 2. Generate a digest of the message to be signed. This uses MD5. 3. Encapsulate the digest in some way. The old way used some simple padding, and the new way uses slightly more complex padding. PGP versions up to 2.2 always generated the old format, but 2.2 could understand both formats. PGP 2.3 could understand both formats, and could generate either format under control of the "pkcs_compat" option. PGP 2.5 and 2.6 don't like the old format, and I am not sure how easy it would be to teach them to understand it. 4. RSA encrypt the encapsulated digest, using the secret key of the signer. The results obviously depend on the type of encapsulation chosen in step 3. 5. Encapsulate the encrypted digest and some other stuff in a PGP "packet". If you want PGP 2.5 and 2.6 to understand your signatures, you have to use the PKCS encapsulation at step 3 above. This means that you have to ask people who have already signed your key using the old method to sign it again using the new method. --apb (Alan Barrett)
participants (3)
-
Alan Barrett -
Derek Atkins -
paul@hawksbill.sprintmrn.com