Page MenuHome GnuPG

Are you aware of implementations which would generate signatures with 0x0001 lbits in signature?
Closed, ResolvedPublic


Sorry, if this is not a correct way to ask a question.
In RNP we experienced an issue where certain keys have 0x0001 instead of valid high bits of signature hash in packet. Are you aware of such cases/implementations which generated such artifacts?

Here is an issue for reference:


External Link

Event Timeline

werner claimed this task.
werner added projects: gnupg, Documentation.
werner added subscribers: dshaw, werner.

No, I am not aware. I can't remember whether PGP once had such a bug because @dshaw did most cross-testing and fixing for PGP bugs. I would suggest to remove any such checks. IIRC, this was introduced by PGP 2 to speed up signature checking. 30 years ago RSA operations were quite expensive.

GnuPG never checked it and remaining non-functional code was removed with rG151ee2f47bfdaa1273cdfd4855e937fb8f2e1d06 in 2002 if I see this right.

The gnupg-devel mailing list might be a better place for such questions.