[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] signatures and checking
From: |
Tom Lord |
Subject: |
Re: [Gnu-arch-users] signatures and checking |
Date: |
Tue, 27 Jan 2004 08:41:07 -0800 (PST) |
> From: "Johannes Berg" <address@hidden>
> Here's the relevant part of the RFC (2440)
Very nice. So the "official word" is already in place.
> Dash escaped cleartext is the ordinary cleartext where every line
> starting with a dash '-' (0x2D) is prefixed by the sequence dash '-'
> (0x2D) and space ' ' (0x20). This prevents the parser from
> recognizing armor headers of the cleartext itself. The message digest
> is computed using the cleartext itself, not the dash escaped form.
> As with binary signatures on text documents, a cleartext signature is
> calculated on the text using canonical <CR><LF> line endings. The
> line ending (i.e. the <CR><LF>) before the '-----BEGIN PGP
> SIGNATURE-----' line that terminates the signed text is not
> considered part of the signed text.
> Also, any trailing whitespace (spaces, and tabs, 0x09) at the end of
> any line is ignored when the cleartext signature is calculated.
> Therefore, we're safe unless we
> a) depend on space (tla doesn't afaik)
Correct.
> b) create lines starting with "-" (neither does it do this).
Correct.
> Therefore, the approach I outlined above (and implemented in my
> patch barring errors for unsigned archives which I forgot to
> test) should work at least with gpg.
> Bottom line: I think its sufficient to handle it in a way my
> patch does.
It's better just to rely on the .check file doing a more rigorous
check. The awk script will do for now and a convenience feature in
GPG to do the same thing would be nice.
-t
Re: [Gnu-arch-users] signatures and checking, Andrew Suffield, 2004/01/26
Re: [Gnu-arch-users] signatures and checking, Robert Collins, 2004/01/27
Re: [Gnu-arch-users] signatures and checking, Johannes Berg, 2004/01/27
- Re: [Gnu-arch-users] signatures and checking,
Tom Lord <=
Re: [Gnu-arch-users] signatures and checking, Johannes Berg, 2004/01/27
Re: [Gnu-arch-users] signatures and checking, Johannes Berg, 2004/01/27