[ Contents ]
14. Implementation Nits
This section is a collection of comments to help an implementer,
particularly with an eye to backward compatibility. Previous
implementations of PGP are not OpenPGP-compliant. Often the
differences are small, but small differences are frequently more
vexing than large differences. Thus, this list of potential problems
and gotchas for a developer who is trying to be backward-compatible.
* PGP 5.x does not accept V4 signatures for anything other than
key material.
* PGP 5.x does not recognize the "five-octet" lengths in new-format
headers or in signature subpacket lengths.
* PGP 5.0 rejects an encrypted session key if the keylength differs
from the S2K symmetric algorithm. This is a bug in its validation
function.
* PGP 5.0 does not handle multiple one-pass signature headers and
trailers. Signing one will compress the one-pass signed literal
and prefix a V3 signature instead of doing a nested one-pass
signature.
* When exporting a private key, PGP 2.x generates the header "BEGIN
PGP SECRET KEY BLOCK" instead of "BEGIN PGP PRIVATE KEY BLOCK".
All previous versions ignore the implied data type, and look
directly at the packet data type.
* In a clear-signed signature, PGP 5.0 will figure out the correct
hash algorithm if there is no "Hash:" header, but it will reject
a mismatch between the header and the actual algorithm used. The
"standard" (i.e. Zimmermann/Finney/et al.) version of PGP 2.x
rejects the "Hash:" header and assumes MD5. There are a number of
enhanced variants of PGP 2.6.x that have been modified for SHA-1
signatures.
* PGP 5.0 can read an RSA key in V4 format, but can only recognize
it with a V3 keyid, and can properly use only a V3 format RSA
key.
* Neither PGP 5.x nor PGP 6.0 recognize Elgamal Encrypt and Sign
keys. They only handle Elgamal Encrypt-only keys.
* There are many ways possible for two keys to have the same key
material, but different fingerprints (and thus key ids). Perhaps
the most interesting is an RSA key that has been "upgraded" to V4
format, but since a V4 fingerprint is constructed by hashing the
key creation time along with other things, two V4 keys created at
different times, yet with the same key material will have
different fingerprints.
* If an implementation is using zlib to interoperate with PGP 2.x,
then the "windowBits" parameter should be set to -13.
Updated: 1999-05-23 wkoch