hash_head is broken #12

singpolyma opened this Issue Apr 26, 2012 · 1 comment


None yet

1 participant


hash_head is supposed to be the first 16 bits of the hash that was signed over. In the Crypto version it's currently the first 16 bits of the signature. I think this is wrong, especially since there's no reasonable interpretation of that in the context of DSA. The CryptoAPI submodule currently sets hash_head to 0.


This is hard to test for sure, because gpg completely ignores hash_head in signature verification. As do all the libraries I have written.

I have updated Data.OpenPGP.Crypto to use the front of the signed data, but maybe it's supposed to be the front of the unpadded hash? Hard to say.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment