Re: pgcrypto: PGP signatures
From | Jeff Janes |
---|---|
Subject | Re: pgcrypto: PGP signatures |
Date | |
Msg-id | CAMkU=1zkp=UA_wUYr0sCGwQ4UKCP020+5+7D+DOUDtMY9Aj2hw@mail.gmail.com |
In reply to | Re: pgcrypto: PGP signatures (Marko Tiikkaja <marko@joh.to>) |
Replies | Re: pgcrypto: PGP signatures |
List | pgsql-hackers |
On Wed, Sep 3, 2014 at 12:43 PM, Marko Tiikkaja <marko@joh.to> wrote:
> On 2014-09-03 9:36 PM, Jeff Janes wrote:
>> I wanted to start simple so I have a file which is signed, but not
>> encrypted. I can't figure out what to do with it. All of the functions
>> seem to require that it also be encrypted. I tried providing an empty
>> password for pgp_sym_signatures but it didn't work.
>
> Right. This patch only adds support for signing data when encrypting it at the same time. There's no support for detached signatures, nor is there support for anything other than signatures of encrypted data. I should have been more clear on that in my initial email. :-(

OK, thanks. How hard do you think it would be to allow NULL (or empty string?) passwords to gpg_sym_signatures and gpg_sym_decrypt_verify to accommodate this?
I think docs section F.25.3 needs to be re-titled and expanded to reflect signatures as well as encryption, and an explanation added about signatures only being processed on encrypted data if that restriction can't be removed.
I've switched to using a signed plus symmetrically encrypted message for testing.
One surprising thing so far is that the 3rd argument to gpg_sym_decrypt_verify must be dearmored. I thought it would detect and dearmor automatically.
Once I wrap it in dearmor, I get the ERROR: No signature matching the key id present in the message
The public key block I am giving it is for the keyid that is reported by pgp_sym_signatures, so I don't know what the problem might be.
When I get more time, I'll look at your examples from the regression tests to see if I can figure it out.
Thanks,
Jeff
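
The automatic armor detection that the message above expected of the third argument, shown in Python as an added example (not code from the patch or from pgcrypto). `maybe_dearmor`, `dearmor`, `armor` and `crc24` are hypothetical helper names, the sample bytes are constructed, and the CRC-24 line that RFC 4880 makes optional is assumed to be present.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1
ARMOR_RE = re.compile(rb"-----BEGIN PGP ([A-Z ]+)-----(.*?)-----END PGP \1-----", re.DOTALL)
# Constructed sample: opaque bytes standing in for binary OpenPGP packets.
SAMPLE = bytes([0xC3, 0x04, 0x04, 0x07, 0x03, 0x02]) + b"constructed payload"


def crc24(data: bytes) -> int:
    """CRC-24 checksum that ASCII armor carries on its '=XXXX' line."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, kind: bytes = b"MESSAGE") -> bytes:
    """Wrap binary data in ASCII armor (used here only to build test input)."""
    check = base64.b64encode(crc24(data).to_bytes(3, "big"))
    return (b"-----BEGIN PGP " + kind + b"-----\n\n" + base64.encodebytes(data)
            + b"=" + check + b"\n-----END PGP " + kind + b"-----\n")


def dearmor(text: bytes) -> bytes:
    """Strip armor and verify the CRC-24; raises ValueError on malformed input."""
    match = ARMOR_RE.search(text.replace(b"\r\n", b"\n"))
    if match is None:
        raise ValueError("no PGP armor block found")
    # Armor headers such as "Comment:" end at the first blank line.
    _headers, blank, payload = match.group(2).partition(b"\n\n")
    lines = payload.split()
    if not blank or len(lines) < 2 or not lines[-1].startswith(b"="):
        raise ValueError("armor body or CRC-24 line missing")
    data = base64.b64decode(b"".join(lines[:-1]), validate=True)
    if int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big") != crc24(data):
        raise ValueError("CRC-24 mismatch: armored data is corrupted")
    return data


def maybe_dearmor(blob: bytes) -> bytes:
    """Accept either form: dearmor ASCII armor, pass binary through unchanged."""
    # Armor is ASCII text; binary OpenPGP data begins with a packet tag
    # byte, which always has its high bit set, so the two cannot collide.
    stripped = blob.lstrip()
    return dearmor(stripped) if stripped.startswith(b"-----BEGIN PGP ") else blob
```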