Page MenuHome GnuPG
Create Task
Maniphest T7426

Retain binary representation of key for import->export (in particular, Ed25519 signature)
Testing, NormalPublic
Actions

Description

T4954: SOS representation and improvements in GnuPG made a progress, from a viewpoint of underlying crypto operations, for keeping the binary representation intact.
It allows stopping old practice of big-endian values and we identified&fixed bugs in libgcrypt and gpg-agent for stop modifying data silently (see: T4956 and T4964).

On the other hand, GnuPG 2.2 and other implementations keep old practice removing leading zeros in Ed25519 signature in the upper layer.

Given this situation, when importing, it is good to retain the binary representation of external input key, specifically, the data of the Ed25519 signature.

Revisions and Commits

rG GnuPG
rG7c378e0be78c gpg: Fix modifying signature data by pk_verify for Ed25519.
rG52616ae81d80 gpg: Fix modifying signature data by pk_verify for Ed25519.

Related Objects
Search...

Event Timeline

gniibe triaged this task as Normal priority.Mon, Nov 25, 3:46 AM
gniibe created this task.
gniibe added a comment.EditedMon, Nov 25, 6:46 AM

Actually, it's a bug when importing a key. It's not-intended-side-effect of the change in rG0a5a854510fd: gpg: Fix false negatives in Ed25519 signature verification..
Fixed in rG70c49ce02401: gpg: Fix modifying signature data by pk_verify for Ed25519.

gniibe updated the task description. (Show Details)Mon, Nov 25, 7:14 AM
gniibe updated the task description. (Show Details)Mon, Nov 25, 7:36 AM
gniibe mentioned this in T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form .Mon, Nov 25, 10:21 AM
gniibe added a parent task: T7403: GnuPG 2.4.6 rewrites Ed25519 MPIs into non-compliant MPI form .
werner added a commit: rG52616ae81d80: gpg: Fix modifying signature data by pk_verify for Ed25519..Mon, Nov 25, 11:07 AM
werner added a commit: rG7c378e0be78c: gpg: Fix modifying signature data by pk_verify for Ed25519..Mon, Nov 25, 11:11 AM
werner changed the task status from Open to Testing.Mon, Nov 25, 11:13 AM
werner added a project: gnupg.
werner added a subscriber: werner.

I cherry picked your patch for master and 2.4.

werner mentioned this in T7353: Release GnuPG 2.4.7.Mon, Nov 25, 12:27 PM