With reference to 5.4; the second last paragraph states that a version 4
signature has a final trailer of 6 octets, being:
0x04 or 0xFF, a four octet big endian number
This is only 5 octets...does anybody know what the 6th octet is? ...or is a
V4 signature final trailer only 5 octets?
Where did you get the "or" in "0x04 or 0xFF"? The spec says,
V4 signatures also hash in a final trailer of six octets: the version
of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
number that is the length of the hashed data from the signature
packet (note that this number does not include these final six
octets.
I don't see an "or". It is 0x04, 0xFF, and the four octets of length.
That is six octets.
1) V4 Sig., type 0x10. Hash then concatenate the following for feeding into
the DSA (assuming DSA sig):
I'm not sure what you mean by "hash then concatenate". It would make
more sense to say "concatenate then hash", or more simply, just "hash".
public DSA keys (this line not hashed)
0x99 |
2 octet length |
At this point you hash the entire public key packet. As described
in section 5.5.2 of RFC 2440, in addition to the MPI data below, this
includes a version number, creation time, validity period if V3 key,
and public key algorithm type. This is then followed by the MPI data:
MPI of DSA prime p |
MPI of DSA grooup order q |
MPI of DSA group generator g |
MPI of DSA public key value y |
Of course a DSA signature could be over an RSA key as well.
+
user id (this line not hashed)
0xb4 |
4 octet length |
username data |
version field to end of hashable data |
Yes, of the signature packet.
0x04 |
then 0xFF then
4 octet length |
? (see previous question re 5.4) |
This looks correct, incorporating the changes above.
2) V4 Sig., type 0x18. Hash then concatenate the following for feeding into
the DSA (assuming DSA signature keys and ElGamal encryption keys):
public DSA keys (this line not hashed)
0x99 |
2 octet length |
As above, other key packet information is hashed here.
MPI of DSA prime p |
MPI of DSA grooup order q |
MPI of DSA group generator g |
MPI of DSA public key value y |
+
public ElGamal keys (this line not hashed)
0x99 |
2 octet length |
Again, other subkey packet information is hashed here.
MPI of ElGamal prime p |
MPI of ElGamal grooup order q |
Actually this is the group generator g, not the group order q.
MPI of ElGamal public key value y |
version field to end of hashable data |
0x04 |
As above, 0xFF goes here.
4 octet length |
? (see previous question re 5.4) |
Hal Finney