-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Somebody claiming to be David Shaw wrote:
To paraphrase 5.2.4, and assuming we're talking about V4 signatures, you take
all the data (just the uncompressed literal packet body - not including the
literal packet header), and follow that with the signature version (1 byte),
the signature type (1 byte), the public-key algorithm (1 byte), the hash
algorithm (1 byte), the hashed subpacket length (2 bytes, big endian), and
the hashed subpacket body (however many bytes). Note that these are the
first n bytes of your signature packet. Then you hash the trailer: 0x04,
0xFF, and a four byte big-endian number which is the number of bytes you
hashed from the signature (i.e. 6 bytes, plus the number of subpacket bytes).
I've finally got one to work. The "message" that the signature is over
seems to be the concatenation of the literal data in the literal packet (not
header or filename or timestamp) with the bits in your message, in that
order.
Thanks for all the help!
- --
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
edition right joseph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQIcBAEBCAAGBQJLs2LdAAoJENEcKRHOUZzeDDgP/jP4lwp+HC4OJesxiq80wbzv
bJdJAqefeg539GwMDUb/ZNIqhhpYR25DgtZPBbgtY1kEWzY8zSdiuo4E125QyjgB
hUw1oKv3GFxGMUI2f9Q6Vgpiek1rNamlhtswCXHI7Vv7DA7G8cwm2ctWYQ5F848/
xinyP424AwZfAyL0LyK30zkiDbEtA217jH87GrDm/8e+P+mCd/YBQuOjX3MRbAnP
V9YhNoV+ysTL4VOx1Br4GkMR/OOsFUvPs3QXZh/5DKe3+GQy3fRY4h+GG1h+fp1W
EEAUnL2d87I9FvAGKEHEd9gZiabu5X7ZhwX3cCFM+cUlWoBygaExvmcZzd/+EFGP
hUeAYl+f45gAPcPRjucHJNpIWHNfbH2XD6os2psUK3JAvmbOeGPCBNPQZhaSSJB7
P1xiTUbCltK12f+STBB6NwSH3whTxZfm7wi8y0SY0HxAn3nSP4p7m8RQqI0SfZ5T
RGA2ERe9/n9LXprUgBG6ltjo8zFTDAhh98T7a20nLVYHu4UqrSheAOL67ZxX4tcI
Esv67a0MPpq5AclqaE7Y2rnF8HLs/keBg7gfK43/9rn+/9QugekIwRfFklvknPTJ
LUSleHr72qqdrohO8OT6hvRN7liCManaDMn0VQkrmxjQ3qgp7wowcseecZkvvn32
qumsZvwdGwQjwH1mKx0H
=TZ00
-----END PGP SIGNATURE-----