grub-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] verify: search keyid in hashed signature subpackets (repost)

From: Jon McCune
Subject: Re: [PATCH] verify: search keyid in hashed signature subpackets (repost)
Date: Mon, 21 Nov 2016 09:56:29 -0800
On Mon, Nov 21, 2016 at 6:45 AM, Daniel Kiper <address@hidden> wrote:
On Fri, Nov 18, 2016 at 12:00:08PM +0000, Ignat Korchagin wrote:
> Reposting this, as requested by Daniel and rebasing on current tree.
>
> Currently GRUB2 verify logic searches PGP keyid only in unhashed subpackets of PGP signature packet. As a result, signatures generated with GoLang openpgp package (https://godoc.org/golang.org/x/crypto/openpgp) could not be verified, because this package puts keyid in hashed subpackets and GRUB code never initializes the keyid variable, therefore is not able to find "verification key" with id 0x0.

I think it would be wise to include a brief argument citing the OpenPGP RFC that this change is compliant. Compatibility with an existing implementation is valuable, but let's make sure the appropriate code is being changed. (I haven't looked carefully myself.)

Thanks,
-Jon


reply via email to
[Prev in Thread] Current Thread [Next in Thread]