ietf-openpgp

SPKI in OpenPGP format

1998-01-23 16:09:41
Here is a possible way to represent a SPKI certificate in OpenPGP format.
OpenPGP added a utility field called a notation that could be used
to hold SPKI strings. It's more of a binary (un-human-readable version)
but it does maintain the spirit of SPKI.

the packet format is further described in sect 5.2.2. of the openPGP spec.

just a thought.

SPKI packet represented in OpenPGP Standalone signature packet

        size    hex-value       desc

Packet Header
-------------
        1       8B           Ptag       10  0010 11
                                     |   |    '--  3  = indeterminate  len
                                     |   '-------- 2 = Signature Packet
                                     '------------  old packet format
Version 4 Signature packet

        1       04           version number:  (4).
        1       02           Signature Types: Standalone signature
        1       XX           public key algorithm. ( DSA = 0x11 )
        1       XX           hash algorithm        ( SHA1 = 0x02 )

Hashed SubPacket Data
        2       XXXX         Hashed subpacket len
 ---
-------------
        1       02              2 = signature creation time         VALIDITY
        4       XX XX XX XX     Signature creation time
 ---
        1       03              3 = signature expiration time
        4       XX XX XX XX     Signature creation time
 ---
-------------
        1       10              16 = issuer key ID                  ISSUER
        8       XX...           Key ID of issuer
 ---
-------------
        1       14              20 = notation data                  AUTHORIZATION
        4       0000 0000       (4 octets of flags)
        2       0009                - name length
        2       XXXX                - value length,
        9       'SPKI_AUTH'     - name data
        N       XX....              - value data
 ---
-------------
        1       14              20 = notation data                  SUBJECT
        4       0000 0000       (4 octets of flags)
        2       000C                - name length
        2       0008                - value length,
        8       'SPKI_SUBJECT'      - name data
        N       XX....              - Key ID of subject
 ---
-------------
        1       14              20 = notation data                  DELEGATION
        4       0000 0000       (4 octets of flags)
        2       000A                - name length
        2       0000                - value length          the existence of this field means
        10      'SPKI_DELEG'        - name data             that the subject may delegate the priv
  ---
UnHashed SubPacket Data
        2       00 00        UnHashed subpacket len (not used)
Signature Data
        2       XXXX        - Two-octet field holding left 16 bits of signed hash value.
        N       XXXX...     - One or more multi-precision integers comprising the signature.


__________________________________________________________________________
Vinnie Moscaritolo                          <vinnie(_at_)pgp(_dot_)com>
Chief Consulting Engineer
Total Network Security                      555 Twin Dolphin Drive
Network Associates, Inc.                    Suite 570
415.572.0430                                Redwood Shores, CA 94065
Fingerprints: DE60 DB68 8E17 2A3F 60AE A933 88F1 F50E 070A 5CFF (DSS)

1 if by land, 2 if by sea.
         Paul Revere - encryption 1775
__________________________________________________________________________
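
An added example, not part of the original message: a Python sketch that builds a hashed subpacket area carrying the three SPKI_* notations described above and reads them back with bounds checks. It assumes each subpacket is preceded by the one-octet length that the OpenPGP spec places before the type octet (the table above does not show it); the key IDs, times and the SPKI_AUTH value are constructed sample data.

```python
import struct

NOTATION = 20  # subpacket type the message uses for every SPKI field

def subpacket(typ: int, data: bytes) -> bytes:
    """Encode one subpacket with a one-octet length (assumed; body < 192 octets)."""
    body = bytes([typ]) + data
    if len(body) >= 192:
        raise ValueError("this example only emits one-octet lengths")
    return bytes([len(body)]) + body

def notation(name: bytes, value: bytes = b"") -> bytes:
    """Notation data: 4 flag octets, name length, value length, name, value."""
    return subpacket(NOTATION, b"\x00" * 4
                     + struct.pack(">HH", len(name), len(value)) + name + value)

def spki_fields(hashed_area: bytes) -> dict:
    """Return {name: value} for SPKI_* notations; raise ValueError if malformed."""
    fields, i = {}, 0
    while i < len(hashed_area):
        n = hashed_area[i]
        if n == 0 or n >= 192 or i + 1 + n > len(hashed_area):
            raise ValueError("unsupported, empty or truncated subpacket at %d" % i)
        typ = hashed_area[i + 1] & 0x7F          # bit 7 is the critical flag
        data = hashed_area[i + 2:i + 1 + n]
        i += 1 + n
        if typ != NOTATION:
            continue
        if len(data) < 8:
            raise ValueError("notation header too short")
        nlen, vlen = struct.unpack(">HH", data[4:8])
        if 8 + nlen + vlen != len(data):
            raise ValueError("notation lengths disagree with subpacket length")
        name = data[8:8 + nlen]
        if name.startswith(b"SPKI_"):
            key = name.decode("ascii")
            if key in fields:                    # ambiguous certificate: refuse
                raise ValueError("duplicate notation " + key)
            fields[key] = data[8 + nlen:]
    return fields

def sample_hashed_area() -> bytes:
    """Constructed sample: times, issuer key ID and the three SPKI notations."""
    return (subpacket(2, struct.pack(">I", 885571781))
            + subpacket(3, struct.pack(">I", 31536000))
            + subpacket(16, bytes.fromhex("0102030405060708"))
            + notation(b"SPKI_AUTH", b"(tag (ftp))")
            + notation(b"SPKI_SUBJECT", bytes.fromhex("1112131415161718"))
            + notation(b"SPKI_DELEG"))           # empty value: presence is the signal
```

Only the hashed area is parsed because that is the part the signature covers; a notation found in the unhashed area would not be protected by it.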
