that discrepancy between spec & implementation of DSIG hashing (RE: First draft of the ballot comments on the new amendment)

Greg Hitchcock gregh at microsoft.com
Mon May 23 17:29:57 CEST 2016 

Sorry, I've not had a chance to look at this code yet.

GregH

-----Original Message-----
From: Hin-Tak Leung [mailto:htl10 at users.sourceforge.net] 
Sent: Sunday, May 22, 2016 2:10 AM
To: VladimirLevantovsky <vladimir.levantovsky at monotype.com>; Greg Hitchcock <gregh at microsoft.com>
Cc: mpeg-OTspec at yahoogroups.com; Typography Site Comments <mstwsite at microsoft.com>
Subject: that discrepancy between spec & implementation of DSIG hashing (RE: First draft of the ballot comments on the new amendment)

Hi Greg, and the other Microsoft folks,

I understand there are a few big typography events lately so this may have fallen through the crack. It has been almost a month - have you had any chance/time looking at the Microsoft implementation of the signing tool to confirm that it does not zero the checksum in the head table before hashing, in contrast to what it says in the spec?

Hin-Tak

--------------------------------------------
On Wed, 27/4/16, Hin-Tak Leung <htl10 at users.sourceforge.net>
wrote:

 Hi Greg,
 
 If you can have a look at the Microsoft code and check soon,  that would be great. My implementation ( https://github.com/HinTak/Font-Validator/blob/master/DSIGInfo/DSIGInfo.cs

 ) was checked against at least all the Win 8.1 and win 7  shipped fonts, so I am fairly sure that's how Microsoft  signs their own shipping fonts :-). The checksum's are  adjusted to those without the DSIG table, but not zero'ed. 
 
 Martin: If you can locate you old work, conceptually, the  hash is simply of "a valid font stripped of the DSIG table +  two bytes appended".
 
 Hin-Tak
 
 --------------------------------------------
 On Wed, 27/4/16, Greg Hitchcock <gregh at microsoft.com>
 wrote:
  
  I've not had a chance
  to look at the code to verify this one way or another. It
  seems to me it would be wrong to not zero out the
  CheckSumAdjustment in the head table. I will not be able  to
  look at this right away, but hope to soon.
  
  GregH

More information about the mpeg-otspec mailing list