Hal,
Nearly there (I think)...just need to clarify what you have said:
At 11:36 PM 12/07/2000 -0700, hal(_at_)finney(_dot_)org wrote:
Yes, this all looks fine now. The one thing I'd add is that there is no
need to parse out the key and subkey packets as you have done. After the
0x99 and two-octet length, you just hash the key or subkey packet body.
The specific contents of the key/subkey packet are irrelevant to the
signature algotihm, it's just data to feed the hash.
So you're saying that (1) is OK, however in the case of 2), it would be
best to structure it this way:
header data
0x99 |
2 octet length |
public ElGamal keys
0x04 (version) |
4 octet time |
0x10 (for ElGamal enc. algorithm) |
MPI of ElGamal prime p |
MPI of ElGamal group generator g |
MPI of ElGamal public key value y |
signature trailer
version field to end of hashable data |
V4 signature trailer
0x04 |
0xFF |
4 octet length |
I hope this is OK...or did I totally misunderstand your response?
Thanks :)
> 1) V4 Sig., type 0x10. Concatenate the following data then hash it for
> input into the DSA (the data to be hashed is terminated with the | char)
>
> header data
>
> 0x99 |
> 2 octet length |
>
> public DSA keys (version 4)
>
> 0x04 (version) |
> 4 octet time |
> 0x11 (for DSA signing algorithm) |
> MPI of DSA prime p |
> MPI of DSA grooup order q |
> MPI of DSA group generator g |
> MPI of DSA public key value y |
>
> user id data
>
> 0xb4 |
> 4 octet length |
> username data |
>
> signature trailer
>
> version field to end of hashable data |
>
> V4 signature trailer
>
> 0x04 |
> 0xFF |
> 4 octet length |
>
> All the above data is concatenated then hashed. The left 16 bits are
> inserted into the hash check field of the signature and then the hash is
> fed into the DSA for production of the signature.
>
> 2) V4 Sig., type 0x18. Concatenate the following data then hash it for
> input into the DSA (the data to be hashed is terminated with the | char)
>
> header data
>
> 0x99 |
> 2 octet length |
>
> public DSA keys (version 4)
>
> 0x04 (version) |
> 4 octet time |
> 0x11 (for DSA signing algorithm) |
> MPI of DSA prime p |
> MPI of DSA grooup order q |
> MPI of DSA group generator g |
> MPI of DSA public key value y |
>
> header data
>
> 0x99 |
> 2 octet length |
>
> public ElGamal keys
>
> 0x04 (version) |
> 4 octet time |
> 0x10 (for ElGamal enc. algorithm) |
> MPI of ElGamal prime p |
> MPI of ElGamal group generator g |
> MPI of ElGamal public key value y |
>
> signature trailer
>
> version field to end of hashable data |
>
> V4 signature trailer
>
> 0x04 |
> 0xFF |
> 4 octet length |
>
> Once again, all the above data is concatenated then hashed. The left 16
> bits are inserted into the hash check field of the signature and then the
> hash is fed into the DSA for production of the signature.
Regards
Erron Criddle
Comasp Ltd.
Level 2, 45 Stirling Hwy
NEDLANDS WA 6009
Fax: 08 9386 9473
Tel: 08 9386 9534
http://www.comasp.com
ejc(_at_)comasp(_dot_)com