[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[debian-users:01132] Re: PGP modified signature dashes ?



あらきです。

kikutani> おかしいなあ。
kikutani> というファイルにPGPでサインすると(pgp -sta tmp.txt)

kikutani> となって、signatureとの境界の「-- 」の前に「- 」が挿入されます。
kikutani> これって仕様ですか? 前はこんなことなかったような。

PGP 2.6.3i doc/changes.doc によると、

Changes for PGP 2.6.2

- Some people reported a "bug" that you could stick an extra paragraph
  in the beginning of a clear-signed message and PGP would still report
  a good signature.  PGP allows comment "headers" before ASCII-armor
  blocks (like the Version: header that's there for debugging
  purposes), terminated, as with e-mail and usenet messages, by a blank
  line.  These headers are just window dressing; PGP ignores them.  So
  this is actually a "feature"; the bug is that people think it's part
  of the signed message.  There are a number of ways to fake the
  visual appearance of a blank line using common file-viewing
  utilities, a blank line is easy to miss even if you know about it,
  and headers are not presently used in clear-signed messages.  So now
  headers are forbidden at the beginning of a clear-signed message.
  Also, PGP enforces an RFC-822-like syntax on header lines before ASCII
  armor.

と、あるので、仕様でしょう。
---
あらき@ないすと(yasuhi-a@xxxxxxxxxxxxxxxxxx)|「健全なハッカーは
荒木靖宏 奈良先端大計算機アーキテクチャ講座 |  健全なネットワークに
http://fukuda.aist-nara.ac.jp/~yasuhi-a/    |  宿れかし」