ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: signature woes and reconciliation, examples appreciated

2003-08-08 08:47:05
from [john . dlugosz] [Permanent Link] 


Adding "...in the same hash context" would probably be enough, as hash
contexts are explained in the key stretching section.  Of course, adding
pseudocode would not hurt.



                                                                                
                                                  
                      "Hal Finney"                                              
                                                  
                      <hal(_at_)finney(_dot_)org>             To:      
ietf-openpgp(_at_)imc(_dot_)org, poiboy(_at_)SAFe-mail(_dot_)net                
            
                      Sent by:                     cc:                          
                                                  
                      owner-ietf-openpgp(_at_)m         Subject: Re: signature 
woes and reconciliation, examples appreciated           
                      ail.imc.org                                               
                                                  
                                                                                
                                                  
                                                                                
                                                  
                      07/31/2003 07:15 PM                                       
                                                  
                                                                                
                                                  
                                                                                
                                                  






From: poiboy(_at_)SAFe-mail(_dot_)net
I recently ran into trouble trying to calculate the hash needed to
verify a GnuPG (1.2.2) v3 DSA one-pass signature with my pet Python
hopeful-implementation-to-be.


I've had someone else run into the same problem interpreting this part of
the spec.  The language about "first you hash this, then you hash that,
then you hash this other thing" seems very natural to me (I wrote much of
it after all), working with a programming interface where you pass data
incrementally into a hash context object.  But other people interpret
it as you did, that you produce a hash of the first part, then a hash
of the second part, then a hash of the third part, and somehow combine
these hashes together to get the final signature.

Hal Finney
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: signature woes and reconciliation, examples appreciated, john . dlugosz <=
Previous by Date:  Re: multiple signature packets, David Shaw
Next by Date:  OpenPGP BOF at CRYPTO 2003, Hironobu SUZUKI
Previous by Thread:  multiple signature packets, vedaal
Next by Thread:  OpenPGP BOF at CRYPTO 2003, Hironobu SUZUKI
Indexes:  [Date] [Thread] [Top] [All Lists]