
Re: [debianuser@xxxxxxxxx: GPG: Encrypting messages truncates trailing whitespace]



To quickly fix this in mutt, remove "if (sign)" from line 1163 of
pgp.c.

I believe that the problem is with gnupg, though, and should be
fixed there.  Basically, we are seeing the interaction of two
different kinds of text mode here.  In the OpenPGP spec, there are
text-mode signatures, and text-mode literal data packets.  A
text-mode signature means that line endings are converted to CR LF
sequences, and trailing whitespace is skipped, FOR THE PURPOSE OF
SIGNING.  A text-mode literal data packet means that line endings
are converted to CR LF, but it says nothing about trailing
whitespace.

Strictly according to the spec, it would be entirely legitimate to
have a text-mode signature that uses a text-mode literal data
packet to store text with trailing whitespace.  It's then the
verifying program's task to ignore whitespace when verifying a
signature.

Practically, that's a bad idea, though, because pre-RFC2440 PGP only
ignores whitespace in "clearsign" signatures -- ordinary text-mode
signatures created by pre-RFC2440 PGP include trailing whitespace
when calculating the hash value.

What gnupg seems to do now is to cut off trailing whitespace when
creating text-mode packets.  This ensures that text-mode signatures
work even with pre-RFC2440 PGP versions on the verifying end of the
connection.  (Mutt tries to achieve the same thing by encoding
trailing whitespace in signed messages, and RFC 3156 also has some
things to say about this.)

That said, I don't see any reason why gnupg would chop off trailing
whitespace in literal data packets that are used for encryption only
-- there's no interoperability issue that this would cure.  Thus,
I'd suggest that gnupg keep its current strategy for text-mode
signatures, but no longer chop trailing whitespace in literal data
packets.

PS: Yes, this is an incredible mess.  Basically, the trailing
whitespace handling specified for text-mode signatures in RFC 2440
was a bug in the specification which subsequently became a bug in
all relevant implementations.  Fixing the spec wasn't an option any
more.

-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.





On 2004-01-25 05:40:09 -0500, David Yitzchak Cohen wrote:
> From: David Yitzchak Cohen <lists+mutt_devs@xxxxxxxxxxxxxx>
> To: Mut Devs <mutt-dev@xxxxxxxx>
> Date: Sun, 25 Jan 2004 05:40:09 -0500
> Subject: [debianuser@xxxxxxxxx: GPG: Encrypting messages truncates trailing
>  whitespace]
> Mail-Followup-To: Mut Devs <mutt-dev@xxxxxxxx>
> X-Spam-Level: 
> 
> Maybe somebody here is better equipped to answer his question?
> 
>  - Dave
> 
> 
> ----- Forwarded message from debianuser <debianuser@xxxxxxxxx> -----
> 
> Date: Thu, 22 Jan 2004 22:41:33 -0500
> From: debianuser <debianuser@xxxxxxxxx>
> Subject: GPG: Encrypting messages truncates trailing whitespace
> To: mutt-users@xxxxxxxx
> User-Agent: Mutt/1.5.5.1+cvs20040105i
> X-Authentication-Info: Submitted using SMTP AUTH at out003.verizon.net from
>  [64.222.36.124] at Thu, 22 Jan 2004 21:41:30 -0600
> X-No-Archive: yes
> 
> Hello,
> 
> In testing encrypting and signing messages to my key, I've been having
> some problems, where the trailing space in my signature delimiter "-- "
> is truncated when I encrypt (only) messages.  Strangely enough, this
> does not occur when I encrypt and sign messages.  I started at the
> gnupg-users list to determine if the problem were with gpg, and after
> running some tests, I believe the issue to be related to Mutt.  I'm
> forwarding my best guess for what's going wrong; I'm wondering if Mutt
> isn't protecting the trailing whitespaces with quoted-printable encoding
> before encrypting with the --textmode flag, which I presume is there for
> a reason, and don't wish to remove.  Of course, the problem could be
> something entirely different.
> 
> If there is anything I can send or do to help nail down the source of
> this issue, please let me know!
> 
> Nick
> 
> ----- Forwarded message from debianuser <debianuser@xxxxxxxxx> -----
> 
> Date: Wed, 21 Jan 2004 20:47:12 -0500
> From: debianuser <debianuser@xxxxxxxxx>
> Subject: Re: Encrypting messages truncates trailing whitespace
> To: gnupg-users@xxxxxxxxx
> User-Agent: Mutt/1.5.5.1+cvs20040105i
> 
> I went ahead and checked out what my default pgp settings were with
> Mutt, as shipped with Debian Sid.  Here are the differences between
> encryption only and sign + encrypt (sorry about the long lines):
> 
> set pgp_encrypt_only_command="/usr/lib/mutt/pgpewrap gpg  --charset utf-8 --batch  --quiet  --no-verbose --output - --encrypt --textmode --armor --always-trust -- -r %r -- %f"
> set pgp_encrypt_sign_command="/usr/lib/mutt/pgpewrap gpg  --charset utf-8 --passphrase-fd 0  --batch --quiet  --no-verbose  --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust -- -r %r -- %f"
> 
> Since --textmode appears with both invocations, I'm guessing the problem
> is otherwise.  I went ahead and ran the modified test you suggested
> Darren, and sure enough, line endings were stripped off with --textmode.
> I've found though that this is expected behavior.  Ingo says[1]:
> 
> > According to the OpenPGP spec trailing white spaces have to be removed 
> > in text mode before signing. If you don't want them to be removed don't 
> > use the text mode.
> 
> I then ran into a post by Werner, where he explains[2]:
> 
> > If you are writing an email client,
> > you should better make sure that there are no trailing white spaces
> > (they cause compatibility problems with old PGP versions) and if you
> > want a trailing white space (say for the "-- " prefix), you should
> > convert the mail to quoted-printable.
> 
> I then recalled that Mutt has a configuration setting that ensures it
> encodes the message as quoted-printable in order to protect such
> whitespace.  I'll copy the text here:
> 
> >  pgp_strict_enc
> > 
> >  Type: boolean
> >  Default: yes
> > 
> >  If set, Mutt will automatically encode PGP/MIME signed messages as
> >                                              ^^^^^^^^^^^^^^^
> >  quoted-printable. Please note that unsetting this variable may lead to
> >  problems with non-verifyable PGP signatures, so only change this if you
> >  know what you are doing.
> 
> I'm wondering now if the behavior I'm seeing is because Mutt is
> correctly encoding my signed+encrypted message as quoted-printable,
> thereby eliminating all trailing spaces before they are stripped off,
> but is *not* doing this for encrypted only messages.
> 
> To those of you more familiar with these software packages, is this at
> all plausible?  If you think so, I'll head over to Mutt-users and see
> what they have to say.
> 
> Thanks again for the help,
> 
> Nick
> 
> [1] http://marc.theaimsgroup.com/?l=gnupg-users&m=99445372020149&w=2
> 
> [2] http://marc.theaimsgroup.com/?l=gnupg-users&m=98157314315351&w=2
> ----- End forwarded message -----
> 
> -- 
> Encrypted messages are encouraged.
> Please use key BE291159, available at http://blug.brown.edu/ye-olde-key.asc
> Primary key fingerprint: 4441 EEF7 F63D 8E2E AC83  CC25 7E61 4300 BE29 1159
> 
> ----- End forwarded message -----
> 
> -- 
> Uncle Cosmo, why do they call this a word processor?
> It's simple, Skyler.  You've seen what food processors do to food, right?
> 
> Please visit this link:
> http://rotter.net/israel
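
Added example, not part of the original message and not code from mutt or gnupg: a Python model of the two text modes described in the reply above, showing which verifier accepts a stored body and whether the "-- " delimiter survives in each of three storage strategies. The sample body, the function names and the use of SHA-256 as a stand-in for the signature hash are assumptions made for illustration.

```python
import hashlib
import quopri
import re

EOL = re.compile(rb"\r\n|\r|\n")
BODY = b"Hello\n-- \nNick\n"  # constructed sample; "-- " is the signature delimiter

def literal_text(data: bytes) -> bytes:
    """Text-mode literal data: line endings become CR LF, nothing else changes."""
    return b"\r\n".join(EOL.split(data))

def signature_text(data: bytes) -> bytes:
    """Text-mode signature input: CR LF endings, trailing whitespace skipped."""
    return b"\r\n".join(line.rstrip(b" \t") for line in EOL.split(data))

def digest(data: bytes) -> str:
    # Stand-in for the signature hash; a real signature also hashes a trailer.
    return hashlib.sha256(data).hexdigest()

def scenarios(body: bytes = BODY) -> dict:
    signed = digest(signature_text(body))
    qp = quopri.encodestring(body)  # trailing space is encoded as "=20"
    cases = {
        # Spec-legitimate: the literal packet keeps the trailing whitespace.
        "spec_only": (literal_text(body), signed, False),
        # Trailing whitespace is cut off when the text-mode packet is created.
        "chop_on_store": (signature_text(body), signed, False),
        # Quoted-printable first, so there is nothing left to chop.
        "qp_first": (literal_text(qp), digest(signature_text(qp)), True),
    }
    out = {}
    for name, (stored, sig, is_qp) in cases.items():
        text = quopri.decodestring(stored) if is_qp else stored
        out[name] = {
            # Verifier that skips trailing whitespace before hashing.
            "strips": digest(signature_text(stored)) == sig,
            # Pre-RFC2440 model: trailing whitespace is part of the hash.
            "legacy": digest(stored) == sig,
            "delimiter_kept": b"-- " in text.split(b"\r\n"),
        }
    return out

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

Only the quoted-printable case satisfies both verifier models and keeps the delimiter; an encrypt-only message sent with --textmode and without that encoding behaves like "chop_on_store" as far as the delimiter is concerned.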

