Remove leading two hash octets from v5 signatures (!208) · Merge requests · openpgp-wg / rfc4880bis

Daniel Huigens requested to merge twisstle/rfc4880bis:v5-sig-remove-hash-octets into main Jul 20, 2022

In v4 signatures, these hash octets are not universally checked, and sometimes broken: https://mailarchive.ietf.org/arch/msg/openpgp/Zv8v1IwbbXYiDPKytfbUmtNdxak/.

Thus, remove them in v5 altogether. This also allows implementations to use integrated hash+sign/verify APIs in underlying crypto libraries, where relevant, without needing to access the hash itself.

Remove leading two hash octets from v5 signatures

Merge request reports