wu-ftpd-2.6.2 fails GPG & PGP2 signature verifications, passes PGP6!
dshaw at jabberwocky.com
Sun Dec 2 02:56:59 EST 2001
On Sat, Dec 01, 2001 at 03:14:11AM -0800, Hugh Daniel wrote:
> UPDATE: My email below is suspect in that I was finely able to get
> a 'valid signature' result using pgp-6.5.8, but one that had been
> installed from an RPM and not source (to my knowledge the 'matching'
> source fails to compile still) and thus I myself do not place much
> trust in that version of PGP.
> There is still a huge problem here, but now more with PGP, as simple
> file signature validations should NOT be failing across different
> versions of the horrid PGP/GPG/OpenPGP mess.
> Frankly, I am at a bit of a loss as to a reasonable course of action
> in this case. I don't trust any of the pieces at this point and thus
> none of the results. I guess I will just turn off wu-FTP on any
> servers I have and hope for a better day...
The immediate problem is in the signature:
:signature packet: algo 1, keyid 0ECD082462885875
version 3, created 1007126392, md5len 5, sigclass 01
digest algo 1, begin of digest ea 0d
data: [1024 bits]
Note the sigclass. Sigclass 0x01 means "signature on a canonical TEXT
document". The signature is calculated after changing the end-of-line
characters to CRLF, and stripping trailing blanks.
The wu-ftpd tarball is certainly not text, and as such, seems to be
causing problems with the text canonicalization code in at least one
of the programs. Basically, PGP 6.5.8, PGP 2.6.3i, and GnuPG 1.0.6
are canonicalizing this "text" differently. It's nearly 3am here, so
I'm not going to delve into which is correct. ;)
After running a few experiments, I was able to successfully verify the
signature with GnuPG by modifying the text canonicalization code (this
doesn't mean the problem is in GnuPG - just that I'm more familiar
with it, so it was easier for me to test with). I'm not surprised the
signature verified correctly with PGP 6, as it was made with PGP 6 in
the first place.
In any event, since the wu-ftpd tarball is certainly not text, a
signature on a binary document (sigclass 0x00) would avoid all these
problems and would likely verify without any difficulty. To do this,
the signer needs to remove "TextMode" or "-t" from their PGP
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 482 bytes
Desc: not available
More information about the cryptography