Hi,

I'm currently trying to implement OpenPGP signatures to sign my code. RFC 9580 is fairly readable, but it’s not crystal clear how people do signatures in practice, so I used GnuPG as a reference. Version 2.4.4, as installed by default on my Ubuntu 24.04.

I made a signature with the following command:

    gpg --detach-sign monocypher-4.0.2.tar.gz

Here’s the hex dump of the resulting file:

    0000  88 75 04 00 16 0a 00 1d  16 21 04 bb bc 09 18 65
    0010  b9 94 0a 37 ca 9a df 86  40 f6 ba 7b ff b3 4a 05
    0020  02 69 12 0d 2c 00 0a 09  10 86 40 f6 ba 7b ff b3
    0030  4a fb 3b 00 fe 3f a0 ab  23 e1 5f df e2 21 a2 5b
    0040  2b 9b 01 5d 7c 9a 8d ec  da ac c8 85 96 24 94 bf
    0050  f9 da 57 86 a8 00 f9 01  10 75 54 63 b2 86 7d a7
    0060  7d 13 f5 5e cb 09 82 f9  c2 11 84 4d ae dc 9f fb
    0070  4a 5a e3 8d 82 76 0f
    0077

Reading the RFC, the first bytes should contain a packet header.
The first byte is the Encoded Packet Type ID.  So:

    0x88 = 0b10001000

Broken down, I get:

    10  : Legacy format
    0010: 2 (SIG)
    00  : Length is encoded in one byte

So the next byte, 0x75, should be the length of the body. Which matches the length of my file (0x77 bytes total, minus the 2-byte header). I have yet to decipher the rest of the packet, but that’s not my main concern right now. My question is, *did GnuPG really produce a legacy packet?*

The RFC states that it should not:

> The Legacy packet format SHOULD NOT be used to generate new data,
> unless the recipient is known to only support the Legacy packet
> format. This latter case is extremely unlikely, as the Legacy packet
> format was obsoleted by [RFC2440] in 1998.

As far as I can tell, version 2.4.4 is from last year. And yet it outputs *by default* a legacy format that was obsoleted 26 years prior? I must be missing something. Either I read the hex dump wrong, or there’s a justification behind GnuPG’s use of the legacy format. If someone could explain, I’d be very grateful.

Thanks,
Loup.


_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
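
Added example, not part of the original message and not GnuPG code: a packet header parser following RFC 9580 section 4.2, run over the hex dump from the message. It decodes both the legacy and the OpenPGP header format and reads the fixed leading fields of a version 4 signature body; the function names `parse_header` and `parse_sig_v4_fixed` are introduced here for illustration.

```python
# Added example: OpenPGP packet header parsing per RFC 9580, section 4.2.
# DUMP is the hex dump from the message above with the offsets removed.
DUMP = bytes.fromhex("""
    88 75 04 00 16 0a 00 1d 16 21 04 bb bc 09 18 65
    b9 94 0a 37 ca 9a df 86 40 f6 ba 7b ff b3 4a 05
    02 69 12 0d 2c 00 0a 09 10 86 40 f6 ba 7b ff b3
    4a fb 3b 00 fe 3f a0 ab 23 e1 5f df e2 21 a2 5b
    2b 9b 01 5d 7c 9a 8d ec da ac c8 85 96 24 94 bf
    f9 da 57 86 a8 00 f9 01 10 75 54 63 b2 86 7d a7
    7d 13 f5 5e cb 09 82 f9 c2 11 84 4d ae dc 9f fb
    4a 5a e3 8d 82 76 0f
""")

def parse_header(buf: bytes, pos: int = 0) -> dict:
    """Decode one packet header starting at buf[pos]."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("bit 7 of the first octet must be set")
    if first & 0x40:                      # bit 6 set: OpenPGP format
        fmt, type_id, o1 = "openpgp", first & 0x3F, buf[pos + 1]
        if o1 < 192:                      # one-octet length
            hlen, blen = 2, o1
        elif o1 < 224:                    # two-octet length
            hlen, blen = 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        elif o1 == 255:                   # five-octet length
            hlen, blen = 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        else:                             # 224..254: partial body length
            raise ValueError("partial body length is not decoded here")
    else:                                 # bit 6 clear: legacy format
        fmt, type_id = "legacy", (first >> 2) & 0x0F
        n = (1, 2, 4, 0)[first & 0x03]    # length-type bits -> length octets
        hlen = 1 + n
        # length type 3 is indeterminate: body runs to the end of the input
        blen = int.from_bytes(buf[pos + 1:pos + hlen], "big") if n else len(buf) - pos - 1
    if pos + hlen + blen > len(buf):
        raise ValueError("packet body is truncated")
    return {"format": fmt, "type_id": type_id, "header_len": hlen, "body_len": blen}

def parse_sig_v4_fixed(body: bytes) -> dict:
    """Fixed leading fields of a version 4 signature packet body."""
    if body[0] != 4:
        raise ValueError("not a version 4 signature")
    return {"version": body[0], "sig_type": body[1], "pubkey_algo": body[2],
            "hash_algo": body[3], "hashed_subpackets_len": int.from_bytes(body[4:6], "big")}

if __name__ == "__main__":
    hdr = parse_header(DUMP)
    print(hdr)
    print(parse_sig_v4_fixed(DUMP[hdr["header_len"]:]))
```

On this dump the parser returns the legacy format, type ID 2 and a 0x75-octet body; the same body behind a first octet of 0xC2 parses as an OpenPGP format header with identical type and length.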