On Sat, 01 Dec 2001 03:14:11 -0800, Hugh Daniel said: > file signature validations should NOT be failing across different > versions of the horrid PGP/GPG/OpenPGP mess.
I don't know what you mean by this mess. PGP >= 5 is simply not OpenPGP compliant, even the 7.x versions seem to have a lot of problems. > against it's own signature with either GPG nor PGP2. This is VERY bad, > as you should have tested this before posting the .gs/.asc files, or I remember a bug report for one of the last releases of wu-ftp where the signature was also not valid. The problem that time was that the signature was created in textmode which wrong. textmode should only be used on human readable textfiles to cope with trailing whitespace and line-ending issues. There are many bugs in the way textmode is treated - it even differs between the PGP 2.x versions; see rfc3156 for the ways which should be taken to overcome these problems. You may want to do a gpg --list-packets sigfile to see how the message is actually composed and to track the problem further down, gpg --debug 1024 foo.sig foo should be of great help, because it dumps the data which gets hashed to some file. The source of pgp 6.5.8 is available and you may want to add similar debugging stuff - I am pretty sure that they hash different things. Ciao, Werner --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
