Re: MD5 BAD Expected : extended by two extra zeros

Jeffrey Johnson Wed, 23 Sep 2015 13:09:45 -0700

> On Sep 23, 2015, at 1:55 PM, Divya Vyas <edivya.v...@gmail.com> wrote:
> 
> 
> Hi,
> 
> root@host:~# gpg --list-keys
> gpg: /home/root/.gnupg/trustdb.gpg: trustdb created
> 
> root@host:~#  rpm -q gpg-pubkey --qf '%{name}-%{version}-%{release} --> 
> %{summary}\n'
> package gpg-pubkey is not installed
> 
> I dont have the keys installed on my host. Why rpm command is saying 
> 
> root@host:~# rpm -K -v pth-2.0.7-r3.1.x86_64.rpm
> pth-2.0.7-r3.1.x86_64.rpm:
>     Header V4 RSA/SHA1 signature: OK, key ID 8b5cccb3
>     Header SHA1 digest: OK (c326a31810f026daac89aa4fd7928c3b574671ea)
>     MD5 digest: BAD Expected(bdaefdc3ddfd1c4ab4fabdd48c117fb800) != 
> (bdaefdc3ddfd1c4ab4fabdd48c117fb8)
> 
> I am signing my rpms ( rpm --addsign) on target with key id 8b5cccb3 and 
> copying to host. How md5 appended to extended zeros.
> 
> @target
> 
> rpm -K -v pth-2.0.7-r3.1.x86_64.rpm
> pth-2.0.7-r3.1.x86_64.rpm:
>     Header V4 RSA/SHA1 Signature, key ID 8b5cccb3: OK
>     Header SHA1 digest: OK (
> c326a31810f026daac89aa4fd7928c3b574671ea)
>     V4 RSA/SHA1 Signature, key ID 8b5cccb3: OK
>     MD5 digest: OK (bdaefdc3ddfd1c4ab4fabdd48c117fb8)
> 
> Target is rpm 4.9 and host is rpm 5.4
> 
> Why two extra zeros 
>


(as described privately)

There was a subtle alignment/padding problem that manifested itself
with the size of the MD5 header+payload digest ending up as 17 bytes
with additional signature tags added to the signature header.

Fixed ~1.5y ago in rpm-5.4.15.

73 de Jeff______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
User Communication List                             rpm-users@rpm5.org

Re: MD5 BAD Expected : extended by two extra zeros

Reply via email to