Bug#1100485: hopenpgp breaks the signature by stripping a hashed subpacket

Justus Winter justus at sequoia-pgp.org
Fri Mar 14 16:44:11 GMT 2025 

Hi,

hopenpgp seems to strip the issuer fingerprint subpacket from the subkey
binding signature.  The old one had it in the unhashed area, so the
signature is still fine:

% diff -u100 <(sq packet dump cert.good--35-Signature-Packet) <(sq packet dump cert.bad--38-Signature-Packet)
--- /proc/self/fd/17    2025-03-14 17:40:19.795784814 +0100
+++ /proc/self/fd/22    2025-03-14 17:40:19.795784814 +0100
@@ -1,25 +1,24 @@
-Signature Packet, new CTB, 853 bytes
+Signature Packet, new CTB, 830 bytes
     Version: 4
     Type: SubkeyBinding
     Pk algo: RSA
     Hash algo: SHA1
     Hashed area:
       Signature creation time: 2014-08-27 18:44:41 UTC
       Key flags: S
     Unhashed area:
       Issuer: 39CB544D6527CF60
       Embedded signature:
                   Version: 4
           Type: PrimaryKeyBinding
           Pk algo: RSA
           Hash algo: SHA1
           Hashed area:
             Signature creation time: 2014-08-27 18:44:41 UTC
           Unhashed area:
             Issuer: 7F4A62820BF463B7
           Digest prefix: 80F4
           Level: 0 (signature over data)
-      Issuer Fingerprint: 4B90E0FDA41432C6D2EB3A7439CB544D6527CF60
     Digest prefix: 2956
     Level: 0 (signature over data)

But, the new one has all information in the hashed subpacket area, and
stripping the subpacket breaks the signature:

% diff -u100 <(sq packet dump cert.good--34-Signature-Packet) <(sq packet dump cert.bad--39-Signature-Packet)
--- /proc/self/fd/17    2025-03-14 17:40:26.711815414 +0100
+++ /proc/self/fd/22    2025-03-14 17:40:26.711815414 +0100
@@ -1,30 +1,29 @@
-Signature Packet, new CTB, 1020 bytes
+Signature Packet, new CTB, 997 bytes
     Version: 4
     Type: SubkeyBinding
     Pk algo: RSA
     Hash algo: SHA256
     Hashed area:
       Signature creation time: 2025-02-25 05:18:24 UTC (critical)
       Issuer: 39CB544D6527CF60
       Notation: salt at notations.sequoia-pgp.org
         00000000  1a 30 59 f3 ea fd 72 88  a3 2b 5e a5 1b e2 43 bd
         00000010  89 d8 f6 37 92 11 28 a5  50 8d b1 af c8 e9 16 48
       Key flags: S
       Embedded signature:  (critical)
                   Version: 4
           Type: PrimaryKeyBinding
           Pk algo: RSA
           Hash algo: SHA256
           Hashed area:
             Signature creation time: 2025-02-25 05:18:24 UTC (critical)
             Issuer: 7F4A62820BF463B7
             Notation: salt at notations.sequoia-pgp.org
               00000000  d8 bd 36 7c ef bd c5 da  85 b8 f7 02 5d 3b 81 28
               00000010  1b b8 e1 68 40 15 89 ec  b5 8b f0 eb d4 bb b0 f4
             Issuer Fingerprint: E582CAEAF7CBA7AA04344A927F4A62820BF463B7
           Digest prefix: 4CA6
           Level: 0 (signature over data)
-      Issuer Fingerprint: 4B90E0FDA41432C6D2EB3A7439CB544D6527CF60
     Digest prefix: DB75
     Level: 0 (signature over data)

Best,
Justus
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 584 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-haskell-maintainers/attachments/20250314/0e0f4b99/attachment-0001.sig>

More information about the Pkg-haskell-maintainers mailing list