[Top] [All Lists]

Notary signature implementation notes

2002-08-19 10:52:38
Hi folks,

I recently roughed in some support for notary signatures in GnuPG.
Here are some samples.  The first attachment is the file the original
signature was issued on.  The second attachment is a detached
signature on that file.  The third attachment is a v4 0x50 signature
on that signature, and the final attachment is a v3 0x50.

All of these signatures were issued by key 0xD8B2D20C, currently on a
friendly keyserver near you.

I used the canonicalization rules Hal Finney suggested in except I
used the constant 0x88 rather than 0x84 for the canonical CTB.  I
believe 0x84 was a typo since that would be a CTB for a session key

It was suggested that notary signatures always contain a signature
target subpacket.  After implementing notary signatures, I'm not sure
how useful this would be given the current signature target subpacket.
To create the subpacket, the notary needs to have the public key of
the signer of the original signature in order to get the raw hash out
of the original signature.  That harms somewhat the nice feature of a
notary signature that the notary does not need to know anything about
the original document and its signer.  One possible solution to this
is to define the signature target subpacket as a canonical hash of the
original signature rather than as the actual hash from the original


   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

Attachment: foo
Description: Text document

Attachment: foo.asc
Description: Text document

Attachment: v4.sig
Description: Text document

Attachment: v3.sig
Description: Text document

<Prev in Thread] Current Thread [Next in Thread>
  • Notary signature implementation notes, David Shaw <=