1994-05-27 - Re: Malformed Signatures?

Header Data

From: Derek Atkins <warlord@MIT.EDU>
To: paul@hawksbill.sprintmrn.com (Paul Ferguson)
Message Hash: e9bb775710fb6ab3dcc0f60c3ba6cd402e8cff89b821044854c116da69e93c66
Message ID: <9405270236.AA00459@milquetoast.MIT.EDU>
Reply To: <9405270230.AA05721@hawksbill.sprintmrn.com>
UTC Datetime: 1994-05-27 02:36:32 UTC
Raw Date: Thu, 26 May 94 19:36:32 PDT

Raw message

From: Derek Atkins <warlord@MIT.EDU>
Date: Thu, 26 May 94 19:36:32 PDT
To: paul@hawksbill.sprintmrn.com (Paul Ferguson)
Subject: Re: Malformed Signatures?
In-Reply-To: <9405270230.AA05721@hawksbill.sprintmrn.com>
Message-ID: <9405270236.AA00459@milquetoast.MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain

There was a bug in the old versions of PGP.  It was discovered
in version 2.2, and was corrected, somewhat in version 2.3.
The bug was that the RSA-encoded certificated were actually
in the reverse byte-order than they should have been, before they
were encoded in the RSA encryption.

This was somewhat corrected in 2.3, in that 2.3 could read the new,
correct, pkcs_compatible signature, although PGP didn't start
outputting this corrected signtature until 2.3a.

PGP version 2.6 cannot read the old version.  This means that anything
that was created with versions before 2.3a cannot be read by version
2.6, and this is what you are seeing when you see "Malformed or
obsolete signature format"..  It is a signature that was created
before 2.3a, and therefore 2.6 does not understand it.

FYI: PGP 2.6 has a neat feature... If you recreate a signature in
the new format, with a newer timestamp than an old signature, 2.6
will use the newer signature in lieu of the older signature when
merging keyrings, so you can replace old signatures.


PS: This had to happen eventually.