[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GnuPG and trailing whitespace handling
> When you receive a message, don't go interpreting it. Do nothing. Compute
> the signature. In the case where you have a non-blank-trimmed literal
> packet, don't even look for the flaw here.
It is not that simple for detached signatures (a detached signature is
one where the PGP message consists of the signature packet only and
the signed text is specified externally). When you verify a detached
text-mode signature, you *have to* convert the text to canonical
format first. And, conversely, when you generate a detached signature,
modifying the original file usually is not an option.
> It's my opinion that if a 2440 application wants to send a textmode message
> with trailing blanks then the obvious, right way to do it is to put a
> binarymode signature after the textmode literal.
RFC 2440 doesn't expressly say whether or not you can do that, but as
far as I remember, PGP just throws funny error messages at you when
you try it.