search

rnpgp / rnp

RNP: high performance C++ OpenPGP library used by Mozilla Thunderbird
https://www.rnpgp.org
Other
199 stars 55 forks source link

rnp reports "wrong armor trailer" for cleartext-signed message generated by GnuPG #2222

Closed dkg closed 5 months ago

dkg commented 5 months ago

rnp claims that a GnuPG-generated armor checksum is invalid in a cleartext-signed message.

In particular, the error message is:

[armored_src_read() ./src/librepgp/stream-armor.cpp:424] Warning: missing or malformed CRC line
[armored_src_read() ./src/librepgp/stream-armor.cpp:428] wrong armor trailer

I would have expected it to agree with GnuPG about the CRC line

Example below.

$ rnpkeys --export-key $PGPID
-----BEGIN PGP PUBLIC KEY BLOCK-----

xjMEZXEJyxYJKwYBBAHaRw8BAQdA5BpbW0bpl5qCng/RiqwhQINrplDMSS5JsO/YO+5Zi7HNEDxk
a2dAZGViaWFuLm9yZz7CwBEEExYKAHkDCwkHRxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNlcXVv
aWEtcGdwLm9yZ4l+Z3i19Uwjw3CfTNFCDjRsoufMoPOM7vM8HoOEdn/vAxUKCAKbAQIeARYhBNR3
BAxwwhVqXCmFSbt+kQFJXmv3BQJlp1+QBQkF2fBFAAoJELt+kQFJXmv36jAA/3dsXMSZPJSP6WaG
ui3stJCDer3f0wep3pOVR3+I8+B8AQDud/dXn9Y9MOGxzYvVyA9VwA17jaP8pkVYq5Niye3TCs0X
PGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD7CwBEEExYKAHkDCwkHRxQAAAAAAB4AIHNhbHRAbm90YXRp
b25zLnNlcXVvaWEtcGdwLm9yZxLvwkgnslsAuo+IoSa9rv8+nXpbBdab2Ft7n4H9S+d/AxUKCAKb
AQIeARYhBNR3BAxwwhVqXCmFSbt+kQFJXmv3BQJlp1+QBQkF2fBFAAoJELt+kQFJXmv3I1cA/jjY
3RzO+KwGuhBIoqmj45abYmmcQlahWF54m+hG2QEZAQD550fKVvLwgZw1xyruuYzasBd2h++tTWjq
qjBX6aYPBs0TRGFuaWVsIEthaG4gR2lsbG1vcsLAFAQTFgoAfAMLCQdHFAAAAAAAHgAgc2FsdEBu
b3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jne1+E4IiDcJ84eI2q9D3/2+YYMRT54AhcSUpra/39GIkD
FQoIApkBApsBAh4BFiEE1HcEDHDCFWpcKYVJu36RAUlea/cFAmWnX5AFCQXZ8EUACgkQu36RAUle
a/eWOwEAiMogSItXWs9OPUAQn+/SGqi5r6LzBqN75p7zaPgG9qQBAPeXoy51vbPwqjoHOrYeSq4N
+AQVIDM4xKLVnSG4vqUGzjMEZXEJyxYJKwYBBAHaRw8BAQdAjX25Fq2Q9IUFeHy6yByIQPBnFOed
FliuEiCIUzJsENDCwMUEGBYKAS1HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Au
b3JnwqKWsw56uoWVLIFcs7ZecJgwpsSNevWCzbviKQ8yRLUCmwK+oAQZFgoAbwWCZXEJywkQdy0W
HjXNS4FHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnEIJSOxuw2y/UJmg5
M3BLpN0JYjODZpXiEVFu1byARzMWIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQAAsH8BAKg1C5LK/D7p
SkXCD+jfTSP+CqM58iHLjh4vKhpOKsTJAQCHldtEjxJ1ksPTFgG9HihHH7qc6/wvvLw77ETMpwlr
AxYhBNR3BAxwwhVqXCmFSbt+kQFJXmv3BQJlp1+rBQkCF4lgAAoJELt+kQFJXmv3ydsA/2roQZ2J
m/7iUrg/2C5ClWA/xbvPC31LyMkGGH2/rq8tAP9BgqLuCPnNTVPqeX9+9qqMmaFq7wmvjq5I+yyc
Aw9CDc44BGVxCcsSCisGAQQBl1UBBQEBB0BZMsRrRaaeFSYMF1ZdfRmVgBriDUIr99eDQ085BK14
DgMBCAfCwAYEGBYKAG5HFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnsazA
WXtEHUPmSTmcRZAIsAsNiO8k0hdjsfRlRVipgJgCmwwWIQTUdwQMcMIValwphUm7fpEBSV5r9wUC
ZadfqwUJAheJYAAKCRC7fpEBSV5r90AjAPwLgY1iKiFJEj32SVD5f721929l79VxQB5FlQssx1n5
kQEA6Uct2tPvbB6T7p5KG3Gl+tbi7oJAuxFmpkpW5/N2Owg=
=gaxS
-----END PGP PUBLIC KEY BLOCK-----
$ cat 0.signed 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

test
-----BEGIN PGP SIGNATURE-----

iHUEARYIAB0WIQR0vATEPYYIS+hnLAZ3LRYeNc1LgQUCZiu5YwAKCRB3LRYeNc1L
gT7ZAQCerr6oFMzanfgLEfH5phZ6Rpxb7e6GRi2XZTCGfsKItQEA9BTnJ4Jzjq00
URFjZryC0V6SR0YFFWaBDN6mI/yTHQY=
=cpUs
-----END PGP SIGNATURE-----
$ rnp --verify 0.signed 
[armored_src_read() ./src/librepgp/stream-armor.cpp:424] Warning: missing or malformed CRC line
[armored_src_read() ./src/librepgp/stream-armor.cpp:428] wrong armor trailer
Good signature made Fri Apr 26 10:25:39 2024
using EdDSA key 772d161e35cd4b81
sub   255/EdDSA 772d161e35cd4b81 2023-12-06 [S] [EXPIRES 2025-01-16]
      74bc04c43d86084be8672c06772d161e35cd4b81
Signature(s) verified successfully
$ $ rnp --version
rnp 0.17.0-3
Ribose Inc. <rnpgp@ribose.com>
Backend: Botan
Backend version: 2.19.4
Supported algorithms:
Public key:  RSA, ELGAMAL, DSA, ECDH, ECDSA, EDDSA, SM2
Encryption:  IDEA, TRIPLEDES, CAST5, BLOWFISH, AES128, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256, SM4
AEAD:  None, EAX, OCB
Key protection:  CFB
Hash:  MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224, SHA3-256, SHA3-512, SM3
Compression:  Uncompressed, ZIP, ZLIB, BZip2
Curves:  NIST P-256, NIST P-384, NIST P-521, Ed25519, Curve25519, brainpoolP256r1, brainpoolP384r1, brainpoolP512r1, secp256k1, SM2 P-256
Please report security issues at (https://www.rnpgp.org/feedback) and
general bugs at https://github.com/rnpgp/rnp/issues.
$
ni4 commented 5 months ago

Thanks for reporting! This is fixed in main via the commit 96e5c9d99ead2600e9595d8168a18024e7d871be , however didn't get to v0.17.1 branch yet, so I added it there as well.