Skip to the Main Content

Note:These pages make extensive use of the latest XHTML and CSS Standards. They ought to look great in any standards-compliant modern browser. Unfortunately, they will probably look horrible in older browsers, like Netscape 4.x and IE 4.x. Moreover, many posts use MathML, which is, currently only supported in Mozilla. My best suggestion (and you will thank me when surfing an ever-increasing number of sites on the web which have been crafted to use the new standards) is to upgrade to the latest version of your browser. If that's not possible, consider moving to the Standards-compliant and open-source Mozilla browser.

May 26, 2006

Bug in Crypt::OpenPGP

Ben Trott probably has other, more high-flying things to think about than a bug in a (probably long-forgotten) Perl Module. But Austin Frank recently uncovered an obscure bug in Crypt::OpenPGP, which we use here to verify PGP-signed comments.

Most people, these days, have a DSA primary key (used for signing) and an El-Gamal subkey (used for encryption). Austin has an RSA primary key and DSA (signing) and El-Gamal (encryption) subkeys. Nothing wrong with that and, as far as I can tell, GnuPG handles such keys just fine. But Crypt::OpenPGP seems to barf on any message signed by Austin, leading me to suspect a bug in its handling of keys of this sort.

I’ve filed a bug report, but I’m not holding my breath.

Posted by distler at May 26, 2006 9:25 AM

TrackBack URL for this Entry:

5 Comments & 0 Trackbacks

Re: Bug in Crypt::OpenPGP

I’m not holding my breath

Good for your health :) Seriously, I don’t think Ben Trott will have time to even notice the bug report, let alone fix it!

Posted by: Srijith on June 1, 2006 2:03 AM | Permalink | Reply to this

Re: Bug in Crypt::OpenPGP

Thanks for the vote of confidence, Srijith!

Here’s a patch that seems to fix the second problem in the RT ticket, at least. It doesn’t break any part of the test suite that wasn’t already breaking on my laptop (a separate issue), and it makes your test case with Austin’s key succeed.

That said, I’m kind of suspicious about it, because it seems like such an obvious change that I’m curious why I didn’t write it this way to begin with, so let me know if it breaks anything else for you.

---  (revision 1935)
+++  (working copy)
@@ -393,7 +393,7 @@
                 unpack('H*', $key_id))
                 unless $kb;
-        $cert = $kb->signing_key;
+        $cert = $kb->key_by_id($key_id);
 ## pgp2 and pgp5 do not trim trailing whitespace from "canonical text"
Posted by: Ben on June 3, 2006 11:20 PM | Permalink | Reply to this

Re: Bug in Crypt::OpenPGP


Yes, that seems to do the trick.

(I don’t think this fixes the key-importing problem but, at least once I get one of these keys imported correctly, the signature-verification works.)

Thanks, Ben!

Posted by: Jacques Distler on June 3, 2006 11:48 PM | Permalink | PGP Sig | Reply to this

Re: Bug in Crypt::OpenPGP

Well… sorta

However we do it, there’s still the “associate a public-key ID with the commenter’s URL” issue (handled by a separate database of key-ID/URL pairs). Here, the signing key is a subkey so, when the plugin goes to look it up in the database, the match fails.

But I’m not going to try straightening out the logic in the plugin until Crypt:OpenPGP can handle the key-importation aspect for these keys.

Posted by: Jacques Distler on June 4, 2006 1:40 AM | Permalink | PGP Sig | Reply to this

Re: Bug in Crypt::OpenPGP

I stand corrected Ben! Thanks for the effort.

Posted by: Srijith on June 6, 2006 3:50 AM | Permalink | PGP Sig | Reply to this

Post a New Comment