On Aug 12, 2011, at 3:27 PM, brian m. carlson wrote: > I have a quality-of-implementation question (more in general than > specifically about GnuPG). I am writing an implementation of OpenPGP > that verifies signatures, among other things. > > Signatures contain the left two bytes of the hash as a quick check. > I've noticed that a small number of signatures are in fact valid even > though this quick check does not match the hash. Is it considered > acceptable to fix up this value if it is wrong? If not, is it > acceptable to treat two signatures as the same signature if they are > identical but for the left two? Does GnuPG (or any other > implementation) actually give any credence to the left two whatsoever?
I can't speak for other implementations, but GnuPG does not look at the left two at all, and jumps right into checking the whole signature. It *generates* the quick check bytes, of course, as that is mandated by the standard, but it does not look at them itself. I think that behavior is fine - the real check is the signature itself. > If there's an OpenPGP implementers' list or another, more appropriate > forum, please feel free to point me in that direction. I couldn't find > one, so I posted here. You might also try the ietf-openpgp list: http://www.imc.org/ietf-openpgp/ David _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
