nasryn
commented
6 years ago After digging through GPG source code, it seems like NUL bytes are treated the same as trailing whitespaces/newlines, as in they are ignored and collectively replaced with CRLF. Note that newline characters are still considered the "end of line", so in Little Endian cases like "abcd\n\0", the NUL byte is ignored.
So a fix would be:
- Treat NUL bytes the same way we treat trailing whitespaces/newlines (remove all of them and replace all of it with /r/n)
- For Little Endian scenarios, remove final NUL character
If ya'll agree, I can contribute this fix later.
Thanks! Nasryn
Hey guys,
I was looking through the specs in RFC4880 pertaining to OpenPGP clearsign. Looking through the canonicalization section as well as the bouncy castle source code, I do see that trailing white spaces and line endings need to be modified. However, I do not see any reference or spec on how to handle multi-byte encodings. Signatures generated through Bouncy Castle's ClearSign integration tests do not validate for a UCS-2 BE input files; however, those same files will sign and validate properly when UTF-8 encoded.
I verified that GPG properly does sign and verify multi-byte encodings. Is this something that Bouncy Castle does not support?
Any information on this would be greatly appreciated! :)
Thanks, Nasryn