-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Somebody claiming to be Wim Lewis wrote:
I agree that paragraph isn't completely unambiguous. IIRC, the data
passed to the SHA1/MD5/whatever algorithm is the bare document
contents (possibly with EOL canonicalization as described above),
concatenated with some "trailer" bytes which depend on the version
number of the signature, but are a copy of part of the signature
subpacket itself plus perhaps a length field and so on (see the last
three paragraphs of [5.2.4]).
So, I'm concatenating:
* The literal contents of any literal data packet(s).
* The literal bytes of the signature packet up to and including the "hashed"
subpackets
* 0x04
* 0xFF
* The length of the second thing in this list
As the "message" to hash? I'm going to try that.
- --
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
edition right joseph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJLsqmMAAoJENEcKRHOUZzezXEQAKs9UZu6GBYlhAyeBnfFOKLK
jYoh03l6NoeNGK9LW2NHVFPgasg+NW3hNNoc2F/ZcyxX9t9HUDliNH+eINyWIUao
SHTO1oCiO+DcJu12HZgbAVIp7KkYXhcXJB9ql5dEJo5Ux0xAXTAf5r3Cjn2C5fvS
gzCJRezT7UQp30h/PlWs0RgF3/Vn3re/EuDO4SGdtYuVl73mB2zSB2TXHRBbJD97
79ZqzZQLYGQ81MRZ5IBdGTy3kFHKCijrFfsDiWyqxddrKaU3qGluKDAzH7RD1rpY
9bfKnvFm0J0Pi2w9ZyIhO0/aZVqNqtfzhAFAjfaN6fX+Dla+/3uUNp+tCaHVNIhf
9LCxIpcw4i0QKmIUDM3o8ppxba8dm8mlfFJ0kuYjIJFrI4G4hEcoywEqmM6LO+9J
uchOHAtNl8g9mixnG2Q+TSd1CrDqpyL2Y/xGfDH2enSU/Lic68uFs9mGMeLYNMdT
Yru4J/NxVS9G+bCD3mmnie7wZBeUsJdbYRhRZJPglAJNhGxDljpGakHeDN9fvTCA
FtKTsCBATvhho41Q5wig9guMbZYKD2DQQwvXx7QGy2DM/SnAncAKM1dP7xQgtwhX
s8ytm6L5LTH4OCTaMdSsZoigwympU9oh+ACnic6Z8uRvPLDyZFvGFSRkWPy943kr
mbrIKJFPQb+ND2Kf1hqv
=x0Q1
-----END PGP SIGNATURE-----