Prev-20 Home Next-20 GPG 1.4.9 false verification \ Andy McKnight (5 May 2008) . \ Robert J. Hansen (5 May 2008) . . \ Andy McKnight (5 May 2008) 21 msg how long should a password be? 1 msg RFC4880 format without using keyrings? 6 msg Question about GnuPG Smartcard 4 msg filtering signed email with thunderbird 27 msg playing with cryptography... 7 msg my signature does not verify! 2 msg can GPG help me with SPAM? 3 msg GPG warning for integrity protection 3 msg Version 4 / Version 3 keys 2 msg Manual GnuPG 1.4.9 ... 6 msg Revoking keys... 4 msg Merging trusts... 1 msg LDAP Basic Auth not working for key search, key... 3 msg Open Pgp Smartcard ssh authentication Woes :( 3 msg decrypting a message. 5 msg dearmor in GPGME 3 msg Web of Trust 1 msg [Announce] Libgcrypt 1.4.1 released 3 msg Vandalizing keyserver UID's Prev-20 Home Next-20

Prev-Msg Prev-Thread Gnupg-users May-2008 Next-Thread Next-Msg Subject: Re: GPG 1.4.9 false verification Group: Gnupg-users From: Andy McKnight Date: 5 May 2008 > > The behavior is specified by RFC4880 and is not a security risk. > > Hi, I was testing this with the --verify switch only so I didn't see the final output with the stripped headers. Thanks for clearing this up. Your point regarding my mail client was interesting though. I use the web interface of Gmail with the firegpg plugin. I thought I'd look at this in a bit more detail. Sending the below message to me verifies as good through firegpg. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This is some tested verification text. - -- key id: 0x6A8BAF97 fingerprint: 0AF9 F0A4 52D2 9775 F996 2027 41AD C31B 6A8B AF97 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: http://getfiregpg.org iEYEARECAAYFAkge2nUACgkQQa3DG2qLr5f0XwCfaZFqPy/Mx5IcydFkHX2Ytr0k MCMAoIGuwXlUuQo8ZQfBGA/pyXmCPphy =/gr1 -----END PGP SIGNATURE----- I then used the same message but modified the last header line after signing but before sending. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, this is my modified line. This is some tested verification text. - -- key id: 0x6A8BAF97 fingerprint: 0AF9 F0A4 52D2 9775 F996 2027 41AD C31B 6A8B AF97 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: http://getfiregpg.org iEYEARECAAYFAkge2nUACgkQQa3DG2qLr5f0XwCfaZFqPy/Mx5IcydFkHX2Ytr0k MCMAoIGuwXlUuQo8ZQfBGA/pyXmCPphy =/gr1 -----END PGP SIGNATURE----- This also verifies good through firegpg with no message regarding an incorrect header. I'd guess as nothing is stripped and no header warning is given this may be more of an issue? Andy. _______________________________________________ Gnupg-users mailing list Gnupg-users http://lists.gnupg.org/mailman/listinfo/gnupg-users Prev-Msg Prev-Thread Gnupg-users May-2008 Next-Thread Next-Msg

© 2004-2008 readlist.com