Multiple signatures over a document

On Wed, 11 Oct 2006 06:21:50 -0400 "Nickolay L."
<ni4ukr.net> 
wrote:

>I cannot resolve, how to correctly calculate multiple
signatures 
>over
>the document. I'm hashing entire document body +
beginning of
>signature (as described in 2440), and everything is ok.
>But, when I'm producing two old-style signatures :
>1) GnuPG checks only the first one, and says that it's
ok
>2) PGP 8.1 checks both, but says that first one is
invalid, and 
>the
>second is ok
>
>Producing two new-style signatures (with one-pass
signature 
>packets),
>getting :
>1) GnuPG checks both, and says that they're correct.
>2) PGP 8.1 checks both, and says that first is invalid,
and second 

>one
>is valid.
>
>It seems, that PGP calculates the signature over the
whole 
>document +
>bodies of other signatures.
>
>But from 2440 it seems, that signed hash must not
include other
>signatures.
>
>Please, anybody can clearly describe, what behavior is
correct?
>
>And, maybe, such situation must be described in 2440?


do not know what is 'correct',
but do know what is *compatible*

using the sample keypairs that were posted here,
here is an example of a message signed by both sample keys,
and 
encrypted to one of them,
with both signatures verifiable as 'good'
by both gnupg and pgp :

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.5 (MingW32)
Comment: double-signed, encrypted,  passphrase = password

hQIOAyYaxlDFAtObEAf/R/PHOXh+iYUHDCLCWqP6BQv/zw+hvsHHxgY2wk4k
OR9C
K3pMWo1JHOHhdqjmSGqamw7dDAPPz2wn3KDnnNzf0cnxKi7xDpalkbi6LD2p
btbm
nNf7XWVU1iAaJDRFzN4qpeoJacl/Vdghph2OsWebRzbH2npjqEqIoIIEWsDk
0XbH
f0c9xlkAprouzsGT5VQb9WRS+MhBUewPbrn5wfYAZxN2dUbhERox5PJRkMiC
sbVC
GPaVXbFgYOyCO9KYY1BbZZYvqBOrVkbIqGBXIlx8oWWSSXQXFaA+jy5Vx5O0
vFt3
43Dq67CfkPiUnmgnmQywq5uRwfsXbBJsZ8JyQq+3ogf/VUQ/oPqHJawPt2rw
nbCB
sYjBmJoCYj7z4KMNzrp6mska+9wvxQ1p86oxk6nl1JTfKIerte10Ljfo46aG
/HIJ
zjZa8vJMKx0bGf6bo2tqwq2TGevs7Zfh/qBNEqY09DnNTbmRFYMDmZ4ektR9
OkbT
heTIhsMx6NOjE0k5WbSQwATdaeut8Dep4Dk+XVo2MTCRAo6rpxjM+jtfJTmd
8cR8
mBGPKiuzk3V2dEyw23cWV+CFK8v5vwfAUJY6m+QGDBewAdEMxhjESvQiH1rw
rZcS
W4p2GZIdfrE+dkQGl5vQ9EWywZzP/mqEvg4CMAK2V3DKuvLe/yrx1yZIKicp
gUsR
AYUBDANhDmKfZ2eDtQEH/RAZ6fK0UIXOZteWo5gPVXytfLRKRldGTImhDNs1
MAS3
4yqqg0PWcQwi+lBQg1P9rjPDiS1uNUFCtY1DuOWWKtYMHrBDFIhvAm9I7fwJ
sUVg
slQk6eiLmEfe1REIjwl7N4k6LAEuP5nlKhMn/4a+X+HZy4qT9kFe5xfCvHVl
t3qC
MSu6BwJzHFLx03mNR2J3iY1GpMwVh37G8LiWc9vkJCeSx/TYr90wOqs0asPr
YUEU
aHbkWt8y+fjSOH8Sp7itGTVtpAT76B5AhyctLfpCMJEQDOCv9z89mIhDvgbX
xeyO
JqsX5jT3QD5b04RfwygUFrPm8Qu4nENZjIm5wn4seEjSwQEBq3teHpA5pAQG
uP65
aaHASYUIpI077+S4pUnazwrTQxyrvtDAeyTrP6iA6kvq4fUSWYJC5MhS4Cfs
5zkB
4/FkbT5/HyNHLVjRpIVL8SriXgwfWYhQDfIaXwTmD7Jx33Zxpn/Aj37B/0Aa
lLT5
WC55AyV3r1mTEkTPM7wR0oqs+pPKxnFFShj2rOQsN/JrVQfe7hnerxQQZVuK
yFvs
hYKgyFii+6XiWE+kLn2y6J2jDpz2OpQFjAj/dh+Hts2EqO54ZgZ/DnaHpB8+
04k2
SDq/SuVrVxU4mq3x9HTGljlnrg6Y2NQPr/4pnFTiUbx1e4IZjXc1Xn1WZFm3
Z1oy
MkGG2876asXh0JozkdRqcstCboLDb7DfNfpe98WuocUWeTHvWp4x+0mtTVFM
NW3I
9qsK7Nk4ZXUUVs/cawWT957FsxAreNJgPcEwzkMLsiS/PSLv9r7fJA9fFcUK
4YCG
9N/JlMuaZSYz+AuuinVFVVglAnkK8DTEQaY84Y14P8oZ8nqraKsI51aQodXB
EOh9
YRsqUhIWJLUG3ujJCHwisa2d6qDSUajjQhW5Jgu/EWDcECoiNnL5Ajs4HFms
F+g3
NGLoEA==
=0xrg
-----END PGP MESSAGE-----


here is the verbose gnupg output upon decryption:

:pubkey enc packet: version 3, algo 16, keyid
261AC650C502D39B
        data: [2047 bits]
        data: [2047 bits]

You need a passphrase to unlock the secret key for
user: "Sample SecureBlackbox PGP key<infoeldos.com>"
2048-bit ELG-E key, ID C502D39B, created 2005-12-13 (main
key ID 
2A35EB74

:pubkey enc packet: version 3, algo 1, keyid
610E629F676783B5
        data: [2045 bits]
:encrypted data packet:
        length: 449
        mdc_method: 2
:compressed packet: algo=1
:onepass_sig packet: keyid 610E629F676783B5
        version 3, sigclass 00, digest 8, pubkey 1, last=0
:onepass_sig packet: keyid A97CE19B2A35EB74
        version 3, sigclass 00, digest 8, pubkey 17, last=1
:literal data packet:
        mode b (62), created 1161276131,
name="mst.txt",
        raw data: 21 bytes
:signature packet: algo 17, keyid A97CE19B2A35EB74
        version 3, created 1161276131, md5len 5, sigclass 00
        digest algo 8, begin of digest 09 57
        data: [157 bits]
        data: [158 bits]
:signature packet: algo 1, keyid 610E629F676783B5
        version 3, created 1161276131, md5len 5, sigclass 00
        digest algo 8, begin of digest 09 57
        data: [2046 bits]

Press any key to continue . . .

gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: 
gpg: armor header: 
gpg: public key is C502D39B
gpg: using subkey C502D39B instead of primary key 2A35EB74
gpg: using subkey C502D39B instead of primary key 2A35EB74
gpg: WARNING: cipher algorithm TWOFISH not found in
recipient 
preferences
gpg: public key encrypted data: good DEK
gpg: public key is 676783B5
gpg: encrypted with 2048-bit RSA key, ID 676783B5, created 
12/13/2005
      "Sample SecureBlackbox PGP key<infoeldos.com>"
gpg: encrypted with 2048-bit ELG-E key, ID C502D39B, created

12/13/2005
      "Sample SecureBlackbox PGP key<infoeldos.com>"
gpg: TWOFISH encrypted data
gpg: original file name='mst.txt'
gpg: Signature made 10/19/2006 12:42:11 using DSA key ID
2A35EB74
gpg: Good signature from "Sample SecureBlackbox PGP 
key<infoeldos.com>"
gpg: WARNING: This key is not certified with a trusted
signature!
gpg:          There is no indication that the signature
belongs to 
the owner.
Primary key fingerprint: 4D52 32BB 2228 BAAB 8F1D  C10E A97C
E19B 
2A35 EB74
gpg: binary signature, digest algorithm SHA256
gpg: Signature made 10/19/2006 12:42:11 using RSA key ID
676783B5
gpg: Good signature from "Sample SecureBlackbox PGP 
key<infoeldos.com>"
gpg: WARNING: This key is not certified with a trusted
signature!
gpg:          There is no indication that the signature
belongs to 
the owner.
Primary key fingerprint: 2B8C 0F9B C47B B6BD 06ED  87C5 610E
629F 
6767 83B5
gpg: binary signature, digest algorithm SHA256
gpg: decryption okay
gpg: session key: 
`10:F4CF7598DEC06A1FBDF5B79CB667616919D1443E045A4EA7C4B37C4F
D9C0F77B
'

Time: 10/19/2006 1:04:45 PM (10/19/2006 5:04:45 PM UTC)


afaik,
gnupg is the only open-pgp implementation that can produce
multiple 
simultaneous signatures

in order for other implementations to do so too,
there should be some clear directions in rfc 2440 as to how
to do 
so in a way that would be compatible to all open-pgp
programs


vedaal



Concerned about your privacy? Instantly send FREE secure
email, no account required
http://www.hushmai
l.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com
?l=485

Hello vedaal,

vhc> do not know what is 'correct',
vhc> but do know what is *compatible*

vhc> using the sample keypairs that were posted here,
vhc> here is an example of a message signed by both
sample keys, and 
vhc> encrypted to one of them,
vhc> with both signatures verifiable as 'good'
vhc> by both gnupg and pgp :

Thank you for your investigations, i'll look over the
resulting file with our
implementation (SBB).

vhc> afaik,
vhc> gnupg is the only open-pgp implementation that can
produce multiple 
vhc> simultaneous signatures

vhc> in order for other implementations to do so too,
vhc> there should be some clear directions in rfc 2440 as
to how to do 
vhc> so in a way that would be compatible to all open-pgp
programs
Yes, i also think that this situation must be reviewed in
2440.

--
  Best regards,Nickolay mailto:<ni4ukr.net>