Re: pgcrypto: PGP signatures

From: Jeff Janes <jeff(dot)janes(at)gmail(dot)com>
To: Marko Tiikkaja <marko(at)joh(dot)to>
Cc: PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: pgcrypto: PGP signatures
Date: 2014-09-03 20:33:53
Message-ID: CAMkU=1zkp=UA_wUYr0sCGwQ4UKCP020+5+7D+DOUDtMY9Aj2hw@mail.gmail.com
Lists: pgsql-hackers

On Wed, Sep 3, 2014 at 12:43 PM, Marko Tiikkaja <marko(at)joh(dot)to> wrote:

> On 2014-09-03 9:36 PM, Jeff Janes wrote:
>
>> I wanted to start simple so I have a file which is signed, but not
>> encrypted. I can't figure out what to do with it. All of the functions
>> seem to require that it also be encrypted. I tried providing an empty
>> password for pgp_sym_signatures but it didn't work.
>>
>
> Right. This patch only adds support for signing data when encrypting it
> at the same time. There's no support for detached signatures, nor is there
> support for anything other than signatures of encrypted data. I should
> have been more clear on that in my initial email. :-(
>
>
OK, thanks. How hard do you think it would be to allow NULL (or empty
string?) passwords to gpg_sym_signatures and gpg_sym_decrypt_verify to
accommodate this?

I think docs section F.25.3 needs to be re-titled and expanded to reflect
signatures as well as encryption, and an explanation added about signatures
only being processed on encrypted data if that restriction can't be removed.

I've switched to using a signed plus symmetrically encrypted message for
testing.

One surprising thing so far is that the 3rd argument to
gpg_sym_decrypt_verify must be dearmored. I thought it would detect and
dearmor automatically.

Once I wrap it in dearmor, I get the ERROR: No signature matching the key
id present in the message

The public key block I am giving it is for the keyid that is reported
by pgp_sym_signatures, so I don't know what the problem might be.

When I get more time, I'll look at your examples from the regression tests
to see if I can figure it out.

Thanks,

Jeff
