You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
OpenPGP signatures can consist of multiple signature packets. It should be sufficient to trust any of those signatures provided you trust the signing key for that purpose.
go_crypto currently assumes an OpenPGP signature is a single packet
For example, Debian Release signatures contain multiple signature packets signed with Debian's legacy and current keys:
$ gpg --list-packets /tmp/Release.gpg
:signature packet: algo 1, keyid 8B48AD6246925553
version 4, created 1429960298, md5len 0, sigclass 0x00
digest algo 8, begin of digest e7 9f
hashed subpkt 2 len 4 (sig created 2015-04-25)
subpkt 16 len 8 (issuer key ID 8B48AD6246925553)
data: [4096 bits]
:signature packet: algo 1, keyid 7638D0442B90D010
version 4, created 1429960298, md5len 0, sigclass 0x00
digest algo 8, begin of digest e7 9f
hashed subpkt 2 len 4 (sig created 2015-04-25)
subpkt 16 len 8 (issuer key ID 7638D0442B90D010)
data: [4095 bits]
:signature packet: algo 1, keyid CBF8D6FD518E17E1
version 4, created 1429960324, md5len 0, sigclass 0x00
digest algo 8, begin of digest 90 19
hashed subpkt 2 len 4 (sig created 2015-04-25)
subpkt 16 len 8 (issuer key ID CBF8D6FD518E17E1)
data: [4094 bits]
The text was updated successfully, but these errors were encountered:
ianlancetaylor
changed the title
only the first packet is considered for openpgp signatures with multiple signature packets
x/crypto/openpgp: only the first packet is considered for openpgp signatures with multiple signature packets
Aug 21, 2015
OpenPGP signatures can consist of multiple signature packets. It should be sufficient to trust any of those signatures provided you trust the signing key for that purpose.
go_crypto currently assumes an OpenPGP signature is a single packet
For example, Debian Release signatures contain multiple signature packets signed with Debian's legacy and current keys:
The text was updated successfully, but these errors were encountered: