ietf-openpgp

Re: Question about verifying signatures

2010-03-30 17:30:32

On Tue, 30 Mar 2010, Stephen Paul Weber wrote:
The question I have is: what is "message"?  According to section 5.2.4 it's
some combination of the literal data packet(s?) (their bodies or the whole
packet?) and the "hashed" subpackets.  Do I just concat all the data packets
and the hashed packets together in the order they appear?

Section [5.2.4] says:
For binary document signatures (type 0x00), the document data is
hashed directly.  For text document signatures (type 0x01), the
document is canonicalized by converting line endings to <CR><LF>,
and the resulting data is hashed.

I agree that paragraph isn't completely unambiguous. IIRC, the data passed to the SHA1/MD5/whatever algorithm is the bare document contents (possibly with EOL canonicalization as described above), concatenated with some "trailer" bytes which depend on the version number of the signature, but are a copy of part of the signature subpacket itself plus perhaps a length field and so on (see the last three paragraphs of [5.2.4]).

(The encrypted-data packet, by contrast, does contain a sequence of OpenPGP packets.)
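As an added worked example (not part of this thread or of any OpenPGP implementation), here is the v4 rule from RFC 4880 section 5.2.4 written out in Python: the hash input is the document (canonicalized to CRLF for type 0x01), followed by the signature packet body from the version octet through the hashed subpacket data, followed by a six-octet trailer (0x04, 0xFF, big-endian length of that hashed area). The v3 trailer (signature type plus four-octet creation time) is included for contrast; the algorithm ids follow RFC 4880 section 9.4, and the creation-time subpacket bytes in the demo are constructed.

```python
import hashlib
import re

# Hash algorithm ids from RFC 4880 section 9.4, mapped to hashlib names.
HASH_ALGS = {1: "md5", 2: "sha1", 8: "sha256", 9: "sha384", 10: "sha512", 11: "sha224"}

def openpgp_digest(hash_alg: int, data: bytes) -> bytes:
    """Digest `data` with the OpenPGP hash algorithm id `hash_alg`."""
    return hashlib.new(HASH_ALGS[hash_alg], data).digest()

def canonicalize_text(document: bytes) -> bytes:
    """Type 0x01 signatures hash the document with every line ending converted to <CR><LF>."""
    return re.sub(rb"\r\n|\r|\n", b"\r\n", document)

def v4_hashed_area(sig_type: int, pk_alg: int, hash_alg: int, hashed_subpackets: bytes) -> bytes:
    """Signature packet body from the version octet through the hashed subpacket data."""
    if len(hashed_subpackets) > 0xFFFF:
        raise ValueError("hashed subpacket area exceeds the two-octet length field")
    return (bytes([0x04, sig_type, pk_alg, hash_alg])
            + len(hashed_subpackets).to_bytes(2, "big")
            + hashed_subpackets)

def v4_trailer(hashed_area: bytes) -> bytes:
    """Six-octet trailer: 0x04, 0xFF, then the big-endian length of the hashed area."""
    return b"\x04\xff" + len(hashed_area).to_bytes(4, "big")

def v3_trailer(sig_type: int, creation_time: int) -> bytes:
    """V3 signatures hash only five octets after the document: type and creation time."""
    return bytes([sig_type]) + creation_time.to_bytes(4, "big")

def v4_hash_input(document, sig_type, pk_alg, hash_alg, hashed_subpackets) -> bytes:
    """Exact byte string fed to the hash for a v4 document signature (types 0x00 and 0x01)."""
    if sig_type == 0x01:
        document = canonicalize_text(document)
    elif sig_type != 0x00:
        raise ValueError("only binary (0x00) and text (0x01) document signatures are handled")
    hashed_area = v4_hashed_area(sig_type, pk_alg, hash_alg, hashed_subpackets)
    return document + hashed_area + v4_trailer(hashed_area)

def v4_document_digest(document, sig_type, pk_alg, hash_alg, hashed_subpackets) -> bytes:
    """Digest a verifier recomputes before checking it against the signature value."""
    return openpgp_digest(hash_alg, v4_hash_input(document, sig_type, pk_alg, hash_alg, hashed_subpackets))

if __name__ == "__main__":
    # Constructed sample: one hashed subpacket, signature creation time (type 2):
    # length octet 0x05, type 0x02, then a constructed 4-octet timestamp.
    creation_time = b"\x05\x02\x4b\xb2\x6e\xf0"
    data = v4_hash_input(b"line one\nline two\n", 0x01, 1, 8, creation_time)  # RSA (1), SHA-256 (8)
    print(data.hex())
    print(v4_document_digest(b"line one\nline two\n", 0x01, 1, 8, creation_time).hex())
```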
