Re: [epoint] [issue] Verifiability of transaction database correctness

From: Daniel A. Nagy <nagydani_AT_epointsystem.org>
Date: Mon, 16 Jul 2012 02:11:12 +0200

Hi,

Thanks!

This is precisely why I asked whether or not the document can be
downloaded from the server separately without the signature.

I do believe that gpg behavior on outputting the body of the clearsigned
message is inconsistent with the standard and your current
implementation does have a valid rationale to it. It's just changing gpg
(by submitting bug reports) is a difficult and risky task (one cannot
count on it being achieved after spending any finite amount of resources).

I filed a bug report with GnuPG:
https://bugs.g10code.com/gnupg/issue1419

Let's see how they react. If they do not respond or start arguing within
a week, then let us just conclude that gpg is the way it is and start
working from there.

I would say that in this case, we should calculate the hash from what
gpg outputs from the clearsigned document, the definition being that the
reference hash is the hash of the body (using LF-only line terminations)
with an extra LF added at the end. Adding a newline to the end is much
easier than removing one, using standard tools.

I know that it's a bit of a pain to base a standard on a bug in a piece
of other software, but I also believe it to be crucially important that
it is as easy as possible to use existing third-party software for
verifying the correctness of what is going on.


On 07/15/2012 01:09 PM, Szabolcs Nagy wrote:
> * Szabolcs Nagy <nsz_AT_port70.net> [2012-07-15 11:56:18 +0200]:
>> i will fix the document id calculation so
>> an extra \n after the body is included
>> in the document hash
>>
>
> on a second thought this makes a detached signature
> implementation problematic (for example for storage):
>
> keeping body and sig separately so
>
> gpg --verify sig body
>
> works, the clear signed document is
> (assuming trailing whitespace in body is cleaned up)
>
> cat head body newline sig >clearsigned
> gpg <clearsigned >body2
>
> and body2 will include an extra newline at the end
> so detached vs clearsigned body differs
>
> if the document id is the hash of body2
> then detached signature handling will be awkward
> (ie hash of the stored body will need extra fix)
>
> and some tools prefer detached signatures (email)
>
> so either
>
> sha1sum detached-body
>
> or
>
> gpg <clearsigned |sha1sum
>
> can be the id but not both
>




Received on Mon Jul 16 2012 - 02:11:12 CEST

This archive was generated by hypermail 2.3.0 : Sat Sep 14 2013 - 19:00:04 CEST