Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

x/crypto/openpgp: Encrypt writes signature at the end #16707

Closed
emersion opened this issue Aug 15, 2016 · 1 comment
Closed

x/crypto/openpgp: Encrypt writes signature at the end #16707

emersion opened this issue Aug 15, 2016 · 1 comment

Comments

@emersion
Copy link

openpgp.Encrypt writes the signature packet after the encrypted key and the symmetrically encrypted packet. According to the RFC, an OpenPGP signed message is either a signature packet followed by a message or a one-pass signed message (https://tools.ietf.org/html/rfc4880#section-11.3).

Thus, this implementation is violating the RFC by writing the message followed by the signature (no one-pass). To fix it, a one-pass signature packet (https://tools.ietf.org/html/rfc4880#section-5.4) should be written before the encrypted message.

@quentinmit quentinmit added this to the Unreleased milestone Aug 15, 2016
@emersion
Copy link
Author

emersion commented Aug 16, 2016

My bad, the one-pass signature packet is correctly written.

@golang golang locked and limited conversation to collaborators Aug 16, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

3 participants