T350 test failures with gnupg-2.1.16
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Nov 22 15:07:53 PST 2016
On Tue 2016-11-22 15:49:37 -0500, Daniel Kahn Gillmor wrote:
> On Tue 2016-11-22 14:22:09 -0500, Marius Bakke wrote:
>> T350-crypto: Testing PGP/MIME signature verification and decryption
>> PASS emacs delivery of signed message
>> FAIL signature verification
>> --- T350-crypto.2.expected 2016-11-22 18:59:48.341851653 +0000
>> +++ T350-crypto.2.output 2016-11-22 18:59:48.341851653 +0000
>> @@ -11,7 +11,7 @@
>> "id": 2
>> },
>> {
>> - "content-length": 280,
>> + "content-length": 312,
>> "content-type": "application/pgp-signature",
>> "id": 3
>> }
>
> If you could get me a copy of the actual application/pgp-signature part,
> i'd be interested in looking at it. Unlike bremner, i'm actually able
> to duplicate this problem on debian sid, so i'll see what i can figure
> out.
OK, the difference here is that 2.1.16 is automatically including the
full OpenPGP v4 fingerprint in the message signature. This is part of
the ongoing discussion around revisions to the OpenPGP standard, and it
makes it easier for a mail user agent to tell whether it's missing the
key for verification or whether the signature is just bad.
so the length of the signature is extended by about 23 octets (1 octet
of subpacket length; 1 octet of subpacket type, 1 octet of fpr versio
number, and 20-octets of fingerprint), which becomes about 32 octets
after base64 encoding, hence the increase in content-length from 280 to
312 octets.
As for how to fix it -- i guess the right thing would be to make that
number variable -- as long as the signature is non-zero and it
validates, i think it'd be fine.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 962 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20161122/14fabe02/attachment.sig>
More information about the notmuch
mailing list