Skip to content

GopenPGP miscomputes "v5" signatures #261

Description

@teythoon

GopenPGP 2.7.4 miscomputes draft-koch-openpgp-2015-rfc4880bis (aka "v5 OpenPGP") signatures. The signatures roundtrip fine, but are rejected by OpenPGP.js 5.5.0 and GnuPG 2.4.0. Signatures created by OpenPGP.js 5.5.0 and GnuPG 2.4.0 are rejected by GopenPGP 2.7.4.

There may also be some kind of packet corruption, as both Sequoia and OpenPGP.js report a packet truncation.

https://tests.sequoia-pgp.org/#Sign_Encrypt-Decrypt_Verify_roundtrip_with_key__Emma_

Consider dropping support for "v5" signatures (see #260). If no one complained about broken signatures so far, it is likely not used in the wild.

Metadata

Metadata

Assignees

No one assigned

    Labels

    v2Targeting GopenPGP v2

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions