oss-sec mailing list archives
Re: safe use of cleartext signatures?
From: Werner Koch <wk () gnupg org>
Date: Tue, 30 Dec 2025 09:47:11 +0100
On Tue, 30 Dec 2025 00:34, Jacob Bachmeyer said:
structure, or is this basically an unfixable problem? Could GPG perform such validation steps and emit a warning if a clearsigned message does not strictly conform?
It does. The thing here is that you need to known what has been signed. The only way to do this is to let gpg give you the signed and unescaped) data (with --output FILE). Actually we have the same problem with MIME when forwarding a mail. Not all MUAs correctly mark which parts are signed by which signature. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
Attachment:
openpgp-digital-signature.asc
Description:
Current thread:
- Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 27)
- Re: Many vulnerabilities in GnuPG Solar Designer (Dec 27)
- Re: Many vulnerabilities in GnuPG Solar Designer (Dec 27)
- Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 27)
- Re: Many vulnerabilities in GnuPG Salvatore Bonaccorso (Dec 28)
- Re: Many vulnerabilities in GnuPG Werner Koch (Dec 29)
- Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 29)
- Re: safe use of cleartext signatures? (was: Many vulnerabilities in GnuPG) Jacob Bachmeyer (Dec 30)
- Re: safe use of cleartext signatures? Werner Koch (Dec 30)
- Re: safe use of cleartext signatures? Demi Marie Obenour (Dec 30)
- Re: safe use of cleartext signatures? Werner Koch (Dec 31)
- Re: Many vulnerabilities in GnuPG Solar Designer (Dec 27)
- Re: Many vulnerabilities in GnuPG Lexi Groves (49016) (Dec 29)
- Re: Many vulnerabilities in GnuPG Henrik Ahlgren (Dec 29)
- Re: Many vulnerabilities in GnuPG Sam James (Dec 29)
- Re: Many vulnerabilities in GnuPG Jacob Bachmeyer (Dec 30)
- Re: Many vulnerabilities in GnuPG Demi Marie Obenour (Dec 30)
- Re: Many vulnerabilities in GnuPG Sam James (Dec 30)
- Re: Many vulnerabilities in GnuPG Jeffrey Walton (Dec 30)