[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Clarification needed on compressed messages
-----BEGIN PGP SIGNED MESSAGE-----
I was sent an interesting interoperability problem today with a signed
message that wouldn't verify in GnuPG. After some examination, and
once the encryption was stripped off, it seemed that it was a message
of the form:
signature packet + compressed packet (literal packet)
That is, a signature packet, followed by a compressed packet which
contained a literal packet.
In the grammar, the latest draft (and 2440 also) say that a "Signed
Signed Message :- Signature Packet, OpenPGP Message |
One-Pass Signed Message
GnuPG (and it seems the new PGP) generate the One-Pass method, but
still accept the common SIG+LITERAL construction. No problems there.
However, since a valid "OpenPGP Message" may be a "Compressed
Message", that would also make the message I received a legal
Is this the intent? And if so, in a SIG+COMPRESSED(LITERAL) message,
is the SIG issued over COMPRESSED(LITERAL) or LITERAL ?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3rc2 (GNU/Linux)
Comment: Key available at http://www.jabberwocky.com/david/keys.asc
-----END PGP SIGNATURE-----