PGP Dash-Escaped Text is still parsed for the PGP signature. Note that the File Format Description and ABNF Grammar of RFC 9116 explicitly only allows - in the cleartext part, not the signature. Specific problematic code that currently only checks if it's signed and not still reading the hash-header:
|
# signed content might be dash escaped |
|
if self._signed and not self._reading_sig and line.startswith("- "): |
|
line = line[2:] |
Solution would be some cleartext variable to be set and reset per line if - is parsed, not to parse - -----END PGP SIGNATURE----- as valid, which is currently the case. There seems to be no need to ever use - escaping in sectxt, since all lined should either start with a field name or # comment. Probably it is there to be compatible with other PGP tooling.
PGP Dash-Escaped Text is still parsed for the PGP signature. Note that the File Format Description and ABNF Grammar of RFC 9116 explicitly only allows
-in thecleartextpart, not thesignature. Specific problematic code that currently only checks if it's signed and not still reading thehash-header:sectxt/sectxt/__init__.py
Lines 135 to 137 in 79bb386
Solution would be some
cleartextvariable to be set and reset per line if-is parsed, not to parse- -----END PGP SIGNATURE-----as valid, which is currently the case. There seems to be no need to ever use-escaping in sectxt, since all lined should either start with a field name or#comment. Probably it is there to be compatible with other PGP tooling.