-----BEGIN PGP SIGNED MESSAGE-----
I like most of Werner Koch's edits.
One section that concerned me was:
| The 20 byte SHA-1 digest that follows the algorithm-specific
| portion is computed by hashing the plaintext of all the
| algorithm-specific octets (including MPI prefix and data). It is
| always encrypted like the algorithm-specific data. The deprecated
I strongly recommend hashing the entire contents, including the public
key material. If you wanted to leave out the material between the
public-key and secret-key parameters (that is, the pre-S2K byte,
the S2K, and the IV), I could accept that, but I think it would
be more convenient and consistent to include them.
Here's my stab at a description, based on Werner's draft:
| The 20 byte SHA-1 digest that follows the algorithm-specific portion
| is computed by hashing:
| the public key contents (exactly as for fingerprints,
| see "KeyIDs and Fingerprints");
| followed by the secret key packet contents,
| including the plaintext of the algorithm-specific data
| (including any MPI prefixes and data).
| The digest is appended to the secret-key parameters, and is
| encrypted along with them, without any CFB resynchronization.
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3
iQEVAwUBO4Z5pWNDnIII+QUHAQHFtAgAlxkBDwdYiGX6vCLbrglSWNRgtOdZxdXV
M33fryePmhjYpOIGeVOO73nXwGH0DLKwCIczOERT0w7bqCJNadjSLUoCvQ9yoz6g
E1ndo9XLd6/OB/ybS24qOJzbmaANDDDDWuDT2N/Qe+U1VnmUn0Yx8B9CSh7O6b+x
gBN/R6wwbyEGnNdaMIwP+1phzjqfFAARTfTOeiyPUUYSrWOJtpfxg0csnxFK1PWu
IVY/UI+2MqwayxEoITwEqigS/13OtvCKuHBC9GcznNVS/6lOycUjj541VJnCp25h
4BmP79k2RyW0WYxqI4FU4WPDiKPhRSCthIQvTIYONm10dkbZynZV7A==
=a/wP
-----END PGP SIGNATURE-----