Bug#1100485: hopenpgp-tools: hokey canonicalize damages signature
Clint Adams
clint at debian.org
Fri Mar 14 16:05:34 GMT 2025
> + Bad Signature:
> + Version: 4
> + Type: SubkeyBinding
> + Pk algo: RSA
> + Hash algo: SHA256
> + Hashed area:
> + Signature creation time: 2025-02-25 05:18:24 UTC (critical)
> + Issuer: 39CB544D6527CF60
> + Nicolas Pitre <nico at fluxnic.net> (UNAUTHENTICATED)
> + Notation: salt at notations.sequoia-pgp.org
> + 00000000 1a 30 59 f3 ea fd 72 88 a3 2b 5e a5 1b e2 43 bd
> + 00000010 89 d8 f6 37 92 11 28 a5 50 8d b1 af c8 e9 16 48
> + Key flags: S
> + Embedded signature: (critical)
> + Version: 4
> + Type: PrimaryKeyBinding
> + Pk algo: RSA
> + Hash algo: SHA256
> + Hashed area:
> + Signature creation time: 2025-02-25 05:18:24 UTC (critical)
> + Issuer: 7F4A62820BF463B7
> + Nicolas Pitre <nico at fluxnic.net> (UNAUTHENTICATED)
> + Notation: salt at notations.sequoia-pgp.org
> + 00000000 d8 bd 36 7c ef bd c5 da 85 b8 f7 02 5d 3b 81 28
> + 00000010 1b b8 e1 68 40 15 89 ec b5 8b f0 eb d4 bb b0 f4
> + Issuer Fingerprint: E582CAEAF7CBA7AA04344A927F4A62820BF463B7
> + Nicolas Pitre <nico at fluxnic.net> (UNAUTHENTICATED)
> + Digest prefix: 4CA6
> + Level: 0 (signature over data)
> + Digest prefix: DB75
> + Level: 0 (signature over data)
It does look like only this signature is getting corrupted; replacing
that one in the hokey output with the original packet makes
`sq inspect` happier.
My suspicion is that something is horribly wrong with the
reserialization of the hashed embedded signature subpacket.
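
A byte-exact round-trip check for a signature's hashed subpacket area, as one way to test the suspicion above; this is an added example, not code from the bug report or from hopenpgp-tools. It assumes RFC 4880 subpacket framing; the sample bytes are constructed, and the `preserve=False` writer is hypothetical rather than a description of what hokey does.

```python
# Added example: subpacket framing per RFC 4880 section 5.2.3.1.
EMBEDDED_SIGNATURE = 32   # subpacket type; high bit of the type octet = critical

def parse_subpackets(area: bytes):
    """Return [(length_octets, critical, type, body)] for a subpacket area."""
    out, i = [], 0
    while i < len(area):
        first = area[i]
        hdr = 1 if first < 192 else 2 if first < 255 else 5
        head = area[i:i + hdr + 1]            # length octets plus type octet
        if len(head) != hdr + 1:
            raise ValueError("truncated subpacket header")
        if hdr == 1:
            n = first
        elif hdr == 2:
            n = ((first - 192) << 8) + head[1] + 192
        else:
            n = int.from_bytes(head[1:5], "big")
        body = area[i + hdr + 1:i + hdr + n]
        if n < 1 or len(body) != n - 1:
            raise ValueError("truncated subpacket body")
        out.append((hdr, bool(head[hdr] & 0x80), head[hdr] & 0x7F, body))
        i += hdr + n
    return out

def serialize(subpackets, preserve=True):
    """preserve=True reuses each subpacket's original length form; False models a
    hypothetical writer that always picks the shortest form."""
    out = b""
    for hdr, critical, typ, body in subpackets:
        n = len(body) + 1
        if not preserve:
            hdr = 1 if n < 192 else 2 if n < 8384 else 5
        if hdr == 1:
            out += bytes([n])
        elif hdr == 2:
            out += bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
        else:
            out += b"\xff" + n.to_bytes(4, "big")
        out += bytes([typ | (0x80 if critical else 0)]) + body
    return out

def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if a == b."""
    for k, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return k
    return None if len(a) == len(b) else min(len(a), len(b))

# Constructed hashed area: critical creation time (type 2), then a critical
# embedded signature (type 32) with a placeholder body and a 5-octet length.
SAMPLE = bytes.fromhex("058267bd5200" "ff00000005" "a004180801")
```

The signature digest is computed over the hashed area's exact bytes, so any non-`None` result from `first_difference` on a real packet means the re-serialized signature can no longer verify.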