Re: Multiple signatures over a document

<vedaal@hush.com> Thu, 19 October 2006 17:54 UTC

Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1Gac6T-0007LC-68 for openpgp-archive@lists.ietf.org; Thu, 19 Oct 2006 13:54:49 -0400
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1Gabvd-0003SJ-JA for openpgp-archive@lists.ietf.org; Thu, 19 Oct 2006 13:43:43 -0400
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9JHAe7r090366; Thu, 19 Oct 2006 10:10:40 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k9JHAdsK090365; Thu, 19 Oct 2006 10:10:40 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from smtp3.hushmail.com (smtp3.hushmail.com [65.39.178.135]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k9JHAcoR090357 for <ietf-openpgp@imc.org>; Thu, 19 Oct 2006 10:10:39 -0700 (MST) (envelope-from vedaal@hush.com)
Received: from smtp3.hushmail.com (localhost.hushmail.com [127.0.0.1]) by smtp3.hushmail.com (Postfix) with SMTP id 16450A32C3 for <ietf-openpgp@imc.org>; Thu, 19 Oct 2006 10:10:37 -0700 (PDT)
Received: from mailserver7.hushmail.com (mailserver7.hushmail.com [65.39.178.62]) by smtp3.hushmail.com (Postfix) with ESMTP for <ietf-openpgp@imc.org>; Thu, 19 Oct 2006 10:10:36 -0700 (PDT)
Received: by mailserver7.hushmail.com (Postfix, from userid 65534) id 62518DA824; Thu, 19 Oct 2006 10:10:36 -0700 (PDT)
Date: Thu, 19 Oct 2006 13:10:35 -0400
To: <ietf-openpgp@imc.org>
Cc:
Subject: Re: Multiple signatures over a document
From: <vedaal@hush.com>
Content-type: text/plain; charset="UTF-8"
Message-Id: <20061019171036.62518DA824@mailserver7.hushmail.com>
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.2 (/)
X-Scan-Signature: 202a3ece0492a8c7e7c8672d5214398f

On Wed, 11 Oct 2006 06:21:50 -0400 "Nickolay L." <ni4@ukr.net> 
wrote:

>I cannot resolve, how to correctly calculate multiple signatures 
>over
>the document. I'm hashing entire document body + beginning of
>signature (as described in 2440), and everything is ok.
>But, when I'm producing two old-style signatures :
>1) GnuPG checks only the first one, and says that it's ok
>2) PGP 8.1 checks both, but says that first one is invalid, and 
>the
>second is ok
>
>Producing two new-style signatures (with one-pass signature 
>packets),
>getting :
>1) GnuPG checks both, and says that they're correct.
>2) PGP 8.1 checks both, and says that first is invalid, and second 

>one
>is valid.
>
>It seems, that PGP calculates the signature over the whole 
>document +
>bodies of other signatures.
>
>But from 2440 it seems, that signed hash must not include other
>signatures.
>
>Please, anybody can clearly describe, what behavior is correct?
>
>And, maybe, such situation must be described in 2440?


do not know what is 'correct',
but do know what is *compatible*

using the sample keypairs that were posted here,
here is an example of a message signed by both sample keys, and 
encrypted to one of them,
with both signatures verifiable as 'good'
by both gnupg and pgp :

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: double-signed, encrypted,  passphrase = password

hQIOAyYaxlDFAtObEAf/R/PHOXh+iYUHDCLCWqP6BQv/zw+hvsHHxgY2wk4kOR9C
K3pMWo1JHOHhdqjmSGqamw7dDAPPz2wn3KDnnNzf0cnxKi7xDpalkbi6LD2pbtbm
nNf7XWVU1iAaJDRFzN4qpeoJacl/Vdghph2OsWebRzbH2npjqEqIoIIEWsDk0XbH
f0c9xlkAprouzsGT5VQb9WRS+MhBUewPbrn5wfYAZxN2dUbhERox5PJRkMiCsbVC
GPaVXbFgYOyCO9KYY1BbZZYvqBOrVkbIqGBXIlx8oWWSSXQXFaA+jy5Vx5O0vFt3
43Dq67CfkPiUnmgnmQywq5uRwfsXbBJsZ8JyQq+3ogf/VUQ/oPqHJawPt2rwnbCB
sYjBmJoCYj7z4KMNzrp6mska+9wvxQ1p86oxk6nl1JTfKIerte10Ljfo46aG/HIJ
zjZa8vJMKx0bGf6bo2tqwq2TGevs7Zfh/qBNEqY09DnNTbmRFYMDmZ4ektR9OkbT
heTIhsMx6NOjE0k5WbSQwATdaeut8Dep4Dk+XVo2MTCRAo6rpxjM+jtfJTmd8cR8
mBGPKiuzk3V2dEyw23cWV+CFK8v5vwfAUJY6m+QGDBewAdEMxhjESvQiH1rwrZcS
W4p2GZIdfrE+dkQGl5vQ9EWywZzP/mqEvg4CMAK2V3DKuvLe/yrx1yZIKicpgUsR
AYUBDANhDmKfZ2eDtQEH/RAZ6fK0UIXOZteWo5gPVXytfLRKRldGTImhDNs1MAS3
4yqqg0PWcQwi+lBQg1P9rjPDiS1uNUFCtY1DuOWWKtYMHrBDFIhvAm9I7fwJsUVg
slQk6eiLmEfe1REIjwl7N4k6LAEuP5nlKhMn/4a+X+HZy4qT9kFe5xfCvHVlt3qC
MSu6BwJzHFLx03mNR2J3iY1GpMwVh37G8LiWc9vkJCeSx/TYr90wOqs0asPrYUEU
aHbkWt8y+fjSOH8Sp7itGTVtpAT76B5AhyctLfpCMJEQDOCv9z89mIhDvgbXxeyO
JqsX5jT3QD5b04RfwygUFrPm8Qu4nENZjIm5wn4seEjSwQEBq3teHpA5pAQGuP65
aaHASYUIpI077+S4pUnazwrTQxyrvtDAeyTrP6iA6kvq4fUSWYJC5MhS4Cfs5zkB
4/FkbT5/HyNHLVjRpIVL8SriXgwfWYhQDfIaXwTmD7Jx33Zxpn/Aj37B/0AalLT5
WC55AyV3r1mTEkTPM7wR0oqs+pPKxnFFShj2rOQsN/JrVQfe7hnerxQQZVuKyFvs
hYKgyFii+6XiWE+kLn2y6J2jDpz2OpQFjAj/dh+Hts2EqO54ZgZ/DnaHpB8+04k2
SDq/SuVrVxU4mq3x9HTGljlnrg6Y2NQPr/4pnFTiUbx1e4IZjXc1Xn1WZFm3Z1oy
MkGG2876asXh0JozkdRqcstCboLDb7DfNfpe98WuocUWeTHvWp4x+0mtTVFMNW3I
9qsK7Nk4ZXUUVs/cawWT957FsxAreNJgPcEwzkMLsiS/PSLv9r7fJA9fFcUK4YCG
9N/JlMuaZSYz+AuuinVFVVglAnkK8DTEQaY84Y14P8oZ8nqraKsI51aQodXBEOh9
YRsqUhIWJLUG3ujJCHwisa2d6qDSUajjQhW5Jgu/EWDcECoiNnL5Ajs4HFmsF+g3
NGLoEA==
=0xrg
-----END PGP MESSAGE-----


here is the verbose gnupg output upon decryption:

:pubkey enc packet: version 3, algo 16, keyid 261AC650C502D39B
        data: [2047 bits]
        data: [2047 bits]

You need a passphrase to unlock the secret key for
user: "Sample SecureBlackbox PGP key<info@eldos.com>"
2048-bit ELG-E key, ID C502D39B, created 2005-12-13 (main key ID 
2A35EB74

:pubkey enc packet: version 3, algo 1, keyid 610E629F676783B5
        data: [2045 bits]
:encrypted data packet:
        length: 449
        mdc_method: 2
:compressed packet: algo=1
:onepass_sig packet: keyid 610E629F676783B5
        version 3, sigclass 00, digest 8, pubkey 1, last=0
:onepass_sig packet: keyid A97CE19B2A35EB74
        version 3, sigclass 00, digest 8, pubkey 17, last=1
:literal data packet:
        mode b (62), created 1161276131, name="mst.txt",
        raw data: 21 bytes
:signature packet: algo 17, keyid A97CE19B2A35EB74
        version 3, created 1161276131, md5len 5, sigclass 00
        digest algo 8, begin of digest 09 57
        data: [157 bits]
        data: [158 bits]
:signature packet: algo 1, keyid 610E629F676783B5
        version 3, created 1161276131, md5len 5, sigclass 00
        digest algo 8, begin of digest 09 57
        data: [2046 bits]

Press any key to continue . . .

gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: 
gpg: armor header: 
gpg: public key is C502D39B
gpg: using subkey C502D39B instead of primary key 2A35EB74
gpg: using subkey C502D39B instead of primary key 2A35EB74
gpg: WARNING: cipher algorithm TWOFISH not found in recipient 
preferences
gpg: public key encrypted data: good DEK
gpg: public key is 676783B5
gpg: encrypted with 2048-bit RSA key, ID 676783B5, created 
12/13/2005
      "Sample SecureBlackbox PGP key<info@eldos.com>"
gpg: encrypted with 2048-bit ELG-E key, ID C502D39B, created 
12/13/2005
      "Sample SecureBlackbox PGP key<info@eldos.com>"
gpg: TWOFISH encrypted data
gpg: original file name='mst.txt'
gpg: Signature made 10/19/2006 12:42:11 using DSA key ID 2A35EB74
gpg: Good signature from "Sample SecureBlackbox PGP 
key<info@eldos.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to 
the owner.
Primary key fingerprint: 4D52 32BB 2228 BAAB 8F1D  C10E A97C E19B 
2A35 EB74
gpg: binary signature, digest algorithm SHA256
gpg: Signature made 10/19/2006 12:42:11 using RSA key ID 676783B5
gpg: Good signature from "Sample SecureBlackbox PGP 
key<info@eldos.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to 
the owner.
Primary key fingerprint: 2B8C 0F9B C47B B6BD 06ED  87C5 610E 629F 
6767 83B5
gpg: binary signature, digest algorithm SHA256
gpg: decryption okay
gpg: session key: 
`10:F4CF7598DEC06A1FBDF5B79CB667616919D1443E045A4EA7C4B37C4FD9C0F77B
'

Time: 10/19/2006 1:04:45 PM (10/19/2006 5:04:45 PM UTC)


afaik,
gnupg is the only open-pgp implementation that can produce multiple 
simultaneous signatures

in order for other implementations to do so too,
there should be some clear directions in rfc 2440 as to how to do 
so in a way that would be compatible to all open-pgp programs


vedaal



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485