On Fri, 24 Aug 2001 11:58:38 -0400, Michael Young said:
I strongly recommend hashing the entire contents, including the public
key material. If you wanted to leave out the material between the
I agree as well with this concept. The fingerprint calculation also
hashes the creation date and key algorithm; the former is not needed and
was an unfortunate decision, but it is a good idea to protect the latter
(conceivably we could have a case in the future where changing the PK
algorithm and tweaking some MPI values could cause harm).
The question is whether we should include the intervening material between
the public and private key portions. In some ways that could simplify
the implementor's task, but depending on the order in which parsing and
hashing is done, the data might not be quite as handy as it sounds.
As for the packet algorithm, from implementation experience it is
inconvenient to have public and private parts for the same key with
different versions. An earlier version of PGP, I think 2.6.0 or .1,
had a bug where if you changed your passphrase your secret key version
would get bumped from 2 to 3 but the public key version stayed the same.
This leads to situations where you import just the secret key packet
and synthesize a public key packet for it, which will also have V3.
Maybe it gets signed and the sig calculated on the version byte of 3.
Then later you see the original public key packet with V2, and signatures
on it calculated on that basis. It was a real mess and we still have
kludges in our code to deal with this.
So I would recommend that we stick with V4 on the secret key packet.
Hal