Section 5.2.4 of draft-koch claims, that for v5 signatures:
- Only for document signatures (type 0x00 or 0x01) the following three data items are hashed here: o the one-octet content format, o the file name as a string (one octet length, followed by the file name), o a four-octet number that indicates a date, - the two octets 0x05 and 0xFF, - a eight-octet big-endian number that is the length of the hashed data from the Signature packet **stopping right before the 0x05, 0xff octets**.
- First impression was that length of the hashed data should include literal packet info, but investigating GnuPG sources it appears that it doesn't. Is this correct?
- For the cleartext signed data, GnuPG hashes char 't' + 5 zeroes, however draft tells "For detached and cleartext signatures 6 zero bytes are hashed instead.". Is this a GnuPG issue?