Yes, this all looks fine now. The one thing I'd add is that there is no
need to parse out the key and subkey packets as you have done. After the
0x99 and two-octet length, you just hash the key or subkey packet body.
The specific contents of the key/subkey packet are irrelevant to the
signature algotihm, it's just data to feed the hash.
Hal
1) V4 Sig., type 0x10. Concatenate the following data then hash it for
input into the DSA (the data to be hashed is terminated with the | char)
header data
0x99 |
2 octet length |
public DSA keys (version 4)
0x04 (version) |
4 octet time |
0x11 (for DSA signing algorithm) |
MPI of DSA prime p |
MPI of DSA grooup order q |
MPI of DSA group generator g |
MPI of DSA public key value y |
user id data
0xb4 |
4 octet length |
username data |
signature trailer
version field to end of hashable data |
V4 signature trailer
0x04 |
0xFF |
4 octet length |
All the above data is concatenated then hashed. The left 16 bits are
inserted into the hash check field of the signature and then the hash is
fed into the DSA for production of the signature.
2) V4 Sig., type 0x18. Concatenate the following data then hash it for
input into the DSA (the data to be hashed is terminated with the | char)
header data
0x99 |
2 octet length |
public DSA keys (version 4)
0x04 (version) |
4 octet time |
0x11 (for DSA signing algorithm) |
MPI of DSA prime p |
MPI of DSA grooup order q |
MPI of DSA group generator g |
MPI of DSA public key value y |
header data
0x99 |
2 octet length |
public ElGamal keys
0x04 (version) |
4 octet time |
0x10 (for ElGamal enc. algorithm) |
MPI of ElGamal prime p |
MPI of ElGamal group generator g |
MPI of ElGamal public key value y |
signature trailer
version field to end of hashable data |
V4 signature trailer
0x04 |
0xFF |
4 octet length |
Once again, all the above data is concatenated then hashed. The left 16
bits are inserted into the hash check field of the signature and then the
hash is fed into the DSA for production of the signature.