Page MenuHome GnuPG
Create Task
Maniphest T896

PGP signed "£" verifys as bad in GPG
Closed, ResolvedPublic
Actions

Description

When I sign a message with a £ in with PGP 9.8.2 and try and verify it with GPG
2.0.7 the verification fails. This is reproducable with message of just a single £.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP Desktop 9.8.2 (Build 3005) - not licensed for commercial use:
www.pgp.com

mQENBEfuSlABCADXdoIhVV3dCB0kADuMBt4spXcSjlsRQmVa/ji1XM485fjP+LH5
nd9WRSJ6pV82Dtn0gUVTY8rtefx/pd7EjOJoOsJXG7hnFDxQqcQGStSCShZKrxT+
mVr1n92cJPyskgE7FCjokTiXKcn+0Z7ZTxtwqIE8+ZibdnuUz9OYC9sblUsX3BIY
EW3ppydymj5Ay9RRHh4h35mGhIZVJcuEPdt7uhMRVGgIkF978SOCnCI7PV6OdTYl
wOTbgXWVQjVlhDr57fAdC2pfPHCwhIUin9njHdyYB6ny46nm3lsUPu8YWw1/Jp50
BRKNW8LPG2vvN6vAtr/n2qvsNHlEXr3jnyJRABEBAAG0J0phbWVzIFR1bm5pY2xp
ZmZlIDxqYW1lc0BuYW5vc2hlZXAub3JnPokBhwQQAQIAcQUCR+5fSTAUgAAAAAAg
AAdwcmVmZXJyZWQtZW1haWwtZW5jb2RpbmdAcGdwLmNvbXBncG1pbWUHCwkIBwMC
CgIZARkYbGRhcDovL2tleXNlcnZlci5wZ3AuY29tBRsDAAAAAxYCAQUeAQAAAAQV
CAkKAAoJELW/fHKzlzew/BkH/1n+WsBuvOOeYSo4uNlXF0UcZz5I/DWEAXtSR/uH
XkwcAwDWlnoED9nEoNNB4ftuvE4s6z8co0AR2vnHjK5+/4xFmMXLDWELDqsbECQj
zfjGhuDQEMIZ3CtN77c0Du4gzZE9Rz+N5dpYp1ry3oVoiwFCmucLYmhZSJbMqfhG
iUcsq4dkttIbgDjoNTtlq4eQY0XuudCv0QRx9CKeKJ6eB6Rk4rlC47cK/7035wPl
KN/1+EFSz/XSJo8qW3dpwIDrpxBid5yDecK7RFlZKwj9GICgjdvpcQoqhQxTqcgU
8XKI4N4QAtW6K6zaVEqqqsN5gkiu33l2eY2JlCFh7kENEdm0K0phbWVzIFR1bm5p
Y2xpZmZlIDxkb29mZXJsYWRAbmFub3NoZWVwLm9yZz6JAYQEEAECAG4FAkfuX0kw
FIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBncC5jb21wZ3BtaW1l
BwsJCAcDAgoZGGxkYXA6Ly9rZXlzZXJ2ZXIucGdwLmNvbQUbAwAAAAMWAgEFHgEA
AAAEFQgJCgAKCRC1v3xys5c3sMS0B/9zwXhOFzIYX6ulhREyTJaDzd6IyZg7YKLI
uAcCXO4plmotAgaYw+dRAUWE4kW/bu/nyOx/1KU3k7CyhgBhSVmpJVOb7nllFPEj
TTrAVAqBE4pGKuo+D51L/PmvcGf/tP29kpqM9jGcs1B5kFUuw4hKiwFoCJRZEsPd
FfJNyIiAhhUoV/czJ8ylr6A8Sx7Te26qzrRpJtJDBwCC/nu1l1HVYX4RGYp4NGRc
wC8OMHK0AJ3JbOjw4TvPSmzUZ8lYSlQEF0VpQD8J2yj86JmQuOdTg7d0vrZE5ayB
YRX2nx3s/9sMTSxebMO7FHt4gNx3LfgWDZgq1VuEdDRQ0vjii2Y2tCdKYW1lcyBU
dW5uaWNsaWZmZSA8ZG9vZmVybGFkQGdtYWlsLmNvbT6JAYQEEAECAG4FAkfuX0kw
FIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBncC5jb21wZ3BtaW1l
BwsJCAcDAgoZGGxkYXA6Ly9rZXlzZXJ2ZXIucGdwLmNvbQUbAwAAAAMWAgEFHgEA
AAAEFQgJCgAKCRC1v3xys5c3sCqOB/46KURyykiyfu5gPFPmrj2MXWE9uzi0OKqf
ydnz7GxetDR+JJveiLvMJgvXLwHde/XjNClUX3XkU7Bz0uYbM7YGKfJebZdWlm+H
+QmH78MmAs8Uu7jcOAysOxV5laf9g9HcHUnPpmVJIKWcdd10bG6mNDotaYdwEjIM
IIa2Pqxsk9xbDT6hQKthCvRgQ4mm1Bi0TjPgVW/df9x+w6RJN/BeJYK7BlGx8fiG
6aHqw6XiKPXWnmpf63Im1mKvbRtVKl+ieN8EDMZI1Qp0CbjJIpo596KRON4+c/Td
/UhlDVya3G+modK9+sGclpMN6wYOKfnv4Ipb+vc/bKSaPZKQpFqctCVKYW1lcyBU
dW5uaWNsaWZmZSA8cGdwQG5hbm9zaGVlcC5vcmc+iQGEBBABAgBuBQJH7l9JMBSA
AAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGluZ0BwZ3AuY29tcGdwbWltZQcL
CQgHAwIKGRhsZGFwOi8va2V5c2VydmVyLnBncC5jb20FGwMAAAADFgIBBR4BAAAA
BBUICQoACgkQtb98crOXN7A5ngf+O4GUVSHQG06RTrtdLv3J08qXfn3JUPfQCPuU
yjQqUe024FMJ0MQJGbD4ym/TTW9FTpjYYMQzg+uq6ErsmcvHQrRF6FupFWgysTmy
g+PlEaVTI8rFn0vyx78l6JjsIKwzMmGbPYlqqdYljx//2pCBfEue+i4fiyQwM6pP
smEyd6poiCnHkL871DwmILLfhuOEr4y/0aFne4prTFMRF8KfA6WPB3iPUmNdiQ62
npE2zzrNXwqF85nad4yi4AY5blUh1PHIHX4DvUMVgrefa1Rm1KVMVD6sqjsr+gUz
qIHYYO6bsPDprBH3Q5FGd/RJo4vpnCKXHEO0H9eVNo54pzhZLbkBDQRH7kpQAQgA
rFwiPvWypsHZgLw0Fpy9dlH0gBeAcD7KXSz9rfkHuMMOioFqQOzONA/jmMxAy9XW
yOO2TQZHWJdPxCFyV0kmEePcABhKYBB8FWlsxQI8c7t7aYRMZS4/dZgVkdZhMtru
H+aQCH/NYwXu6KrdSvcgpqwY+FRqJ9vCtBc7Lh3LMcbiCZGKidRKfao5xLDiVEOl
ABHO4N7HuKGX+YmSdje0nGMct/m2keGcUeN+7Umkdm945ZEVuJHw5oa2CwBaSiyY
idhfa1rDrcPoJIc2d/jvOb1LKHY1vHRHMDbq9aUcuyasuSKnlLv7qDIIBty/CYga
dVQjvYdMLa2x0V48/QC1lQARAQABiQJBBBgBAgErBQJH7kpRBRsMAAAAwF0gBBkB
CAAGBQJH7kpQAAoJEAUWy2auqetK2D8H/1a2wyUHnV8yWmdfIyKaKzsgx8BYtNdB
nR1Y6+4qJTE1RtF+8laFMnCy1MshgFircFhshr/Vt80+GehSrJootfc+88RnVaai
DTfMc0s7BLKt3RBe5XqVzvEIyghZJ/+hiLfj+L4pPVCpjTk8lYUqHMF4a6witQ73
cndipKZ7hvvSy0NVmrI9Qej35Eq0ljN38kKCimvYiLhvrLrNUl3qCKvYHntFtUAc
9J2ncZbnFk/9ReJ2DRKmALEcmNfhqMOlo7C2bCCb0ScBXCSW/RKGQYrvXUp1PwC8
S6tw/4zQVmwF4ApYcnVgEaiTCuIj8ReS7KpyFSG6zfAfe8b5loOO7EgACgkQtb98
crOXN7ByDggAwbj/BoConuRHR+5h7Bh26rlu99vR/v73Hwym8QhKpM65WwXNsBuI
nOkW+YskcajzTmpultQ+0e+MIclesM1po2tFrBrMf7BeWu4sfncb2umY46uuUX/A
GDUVNHq9r1y79+HfMchuetahU/RAm6nvhH3J33RCBFREDqt8MlPWf7cV7GOCXXBS
/K4vYbBhiBFBX/EvtuB/daf0v80lEZ5MUmzzrqxQ7rv0HBhuZXLaEXzlDIbtu8Uz
xC5WHsnHxFihptwF5MQceU4Fc45KtC5376EGMRkaXyvFnhqvCrHKrehsFATMIZGw
yz59ktgG195yEosLOH6krawCymQri6UKsA==

tMVd

-----END PGP PUBLIC KEY BLOCK-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

£

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.8.2 (Build 3005) - not licensed for commercial use:
www.pgp.com
Charset: utf-8

wsBVAwUBR+5bW7W/fHKzlzewAQj+awgAu2EqdTjP5597GVTNEK1JQAbIe/IfaZ74
VesP32cIaq6pSAhtqwxD/Dlvs+0VAfNuScSgj3SPwQhbvAqbviGwk48F3Or2QtWL
ZfT7wAjJ2X95r0RQiegtXT4ZdPR4Nr8AkwGWpXJ4UqzS8IPSUlpFIdp4aCLYjJ/o
lVYooasds3ZLAq6QGzDC3TFbyQeSzyasUzmOI3d+8Xp9OMsiR6MwxNQNCMd+cvIY
xPO2wX7OjsrSlZiplKVThKPMyQX4JfaunqmgfUPxxKMIe2NlsFNoWoaHBUrYBV4U
1QWEPHD3A2NsvHiUoRarcqTDyJDpDtb+LpgKVOy2vPLOST66QzSEaQ==

4HFW

-----END PGP SIGNATURE-----

Details

Version
2.0.7

Event Timeline

dooferlad added projects: gnupg, Bug Report.Mar 29 2008, 4:33 PM
dooferlad set Version to 2.0.7.
dooferlad added a subscriber: dooferlad.
werner added a subscriber: werner.Mar 31 2008, 1:04 PM

Just tried and can't replicate it. Note that the Version header line needs to be
one line and not 2 as seen below. I merged them. I tried this

gpg2 --homedir . --verify --debug 512 x

x has the message. The option "--debug 512" creates 2 files with the actual
signed part of the message. You can run:

$ hd dbgmd-00001.verify 
00000000  c2 a3 0d 0a                                       |£..|
00000004

this to check that the clear signed message is actuall what you assumed.

dooferlad added a comment.Mar 31 2008, 8:54 PM

159_bug.txt618 BDownload

dooferlad added a comment.Mar 31 2008, 8:54 PM

It looks like it is a character encoding problem. I was having the problem in
Windows and just checked it in Linux. I have the same bug, but if I load the
file up in the Gnome text editor and save it back out as UTF-8 then the bug is
not seen. Saving in ISO-8859-15 reproduces the bug.

I guess the question is now should GPG be recognising the encoding of the input
text differently and translating it or is PGP wrong in doing some internal
translation.

werner closed this task as Resolved.Dec 5 2008, 6:43 PM
werner claimed this task.

Right, this seems to be a charset problem. As per rfc4880 (ans also 2440),
OpenPGP specified all text to be UTF-8 encoded. However PGP used to ignore any
character sets and thus implicitly assumed Latin-1. Except for the rarely used
charset clearsign header (which gnupg does not support) there is no way to know
the charset. Further there is often a conflict between the MIME stated charset
and the assumed one of a clearsigned message

I close this bug becuase there is nothing we can do.