From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: 0bb8ad2faad0af89ce2b968812d0f84e572877086fd5175dcb677fe8cf71fb1e
Message ID: <199405111717.KAA18320@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-05-11 17:16:58 UTC
Raw Date: Wed, 11 May 94 10:16:58 PDT
From: Hal <hfinney@shell.portal.com>
Date: Wed, 11 May 94 10:16:58 PDT
To: cypherpunks@toad.com
Subject: Re: converting old keys to new MIT PGP 2.5
Message-ID: <199405111717.KAA18320@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain
From: "Pat Farrell" <pfarrell@netcom.com>
> There has been a lot of speculation about the need to create new PGP 2.5
> keys to keep on the mit keyserver.
> [...]
> This surelooks like an 18 month old key with lots of sigs.
>
> -----BEGIN PGP PUBLIC KEY BLOCK-----
> Version: 2.5
>
> mQBNAiq7mr4AAAECAM9R8OL+Vr5uS85tCCI6caNElBdfobX9/0AKidfp/+D7MRz8
> [...]
> TrWnaA/CfuzIXEblwXnszOx5pP14uKpu3VBzyYZN1xGRe1OwFc9C/578a0XHefGQ
> cfoI1XmZ+TLtwA==
> =K5uB
> -----END PGP PUBLIC KEY BLOCK-----
I get "malformed or obsolete key signature" when I try to signature-check
this key using 2.5. That is exactly what the readme file warned about. PGP
changed its signature format in 2.2 or 2.3 but retained backward compatibility.
2.5 is no longer backwards compatible to signatures created in earlier
versions. Old keys with signatures have been harmed to this extent.
I should add that PGP has always had a policy (one which I don't like) that
compatibility would only be retained across two sub-versions. In other words,
messages and signatures created with 2.5 are only guaranteed to be usable with
2.6 but perhaps not 2.7. So this change might have been made anyway even with-
out the move to RSAREF.
It's also worth noting that the old signature format was a bug. The code
was originally supposed to be PKCS compatible (the format used in RSAREF
and PEM) but late changes broke it; the changes had to do with endian
conversions and the bytes ended up going out in reverse order. This was
not a security bug, just a compatibility problem. This problem was discovered
about a year later and was changed, but backwards compatibility was retained
by having PGP check for both signature formats. So, there has always been
regret about the PGP 2.0 signature format and a desire to abandon it.
Hal
Return to May 1994
Return to “Hal <hfinney@shell.portal.com>”
1994-05-11 (Wed, 11 May 94 10:16:58 PDT) - Re: converting old keys to new MIT PGP 2.5 - Hal <hfinney@shell.portal.com>