that discrepancy between spec & implementation of DSIG hashing (RE: First draft of the ballot comments on the new amendment)
Hin-Tak Leung
htl10 at users.sourceforge.net
Sun May 22 11:09:50 CEST 2016
Hi Greg, and the other Microsoft folks,
I understand there are a few big typography events lately so this may have fallen through the crack. It has been almost a month - have you had any chance/time looking at the Microsoft implementation of the signing tool to confirm that it does not zero the checksum in the head table before hashing, in contrast to what it says in the spec?
Hin-Tak
--------------------------------------------
On Wed, 27/4/16, Hin-Tak Leung <htl10 at users.sourceforge.net>
wrote:
Hi Greg,
If you can have a look at the Microsoft code and check soon,
that would be great. My implementation (
https://github.com/HinTak/Font-Validator/blob/master/DSIGInfo/DSIGInfo.cs
) was checked against at least all the Win 8.1 and win 7
shipped fonts, so I am fairly sure that's how Microsoft
signs their own shipping fonts :-). The checksum's are
adjusted to those without the DSIG table, but not zero'ed.
Martin: If you can locate you old work, conceptually, the
hash is simply of "a valid font stripped of the DSIG table +
two bytes appended".
Hin-Tak
--------------------------------------------
On Wed, 27/4/16, Greg Hitchcock <gregh at microsoft.com>
wrote:
I've not had a chance
to look at the code to verify this one way or another. It
seems to me it would be wrong to not zero out the
CheckSumAdjustment in the head table. I will not be able
to
look at this right away, but hope to soon.
GregH
More information about the mpeg-otspec
mailing list