ietf-openpgp

Re: [openpgp] OpenPGP semantics; questions re DH, SHA-1 with EC privkeys

2014-07-10 14:16:15
Clint: In fact, your work on hOpenPGP was the inspiration for what I'm up
to!

(Details probably not yet interesting to the list-at-large; but yes, think
it's feasible to link up with implementations.)

Jon:


2. Is it intended for SHA-1 to be permitted for use with the Iterated
and Salted S2K method in RFC 6637 for private key storage? (The plain
text of the RFC does not forbid it, even though it forbids its use as
an ECDH KDF.) It is implicitly forbidden for use as the S2K algorithm
in packet compositions with ECDH and SKESK packets at the 192-bit
security level -- its output is only 180 bits.

It's reasonable to use SHA-1 for a symmetric cipher with key less than 160
bits.


Appreciate the confirmation/correction.

(The text prohibiting SHA-1 for the KDF in 6637 is so close to the text
requiring I&S that I wondered whether S2K had been omitted in error...)

The "keyring trust packets" which are obliquely described in RFC 1991
interoperate, so far as I know. PGP 2.X used them, and most people kept
doing it the same way despite the working group being forbidden to define
them and other infrastructure.


Thanks much for the reference. I'll take a look at a few implementations
(I've been trying to avoid specifying GnuPG's behavior rather than
interoperable behavior).


The top-level public key of a "key" must be a key capable of signing. So
you can't use a DH key of any type as the top-level key. You can use a DSA
or ECDSA or RSA key as a top-level key.


You're right. I wasn't taking into account the effect of the
packet-composition rules; those require that V4 primary keys be capable of
certification (and V3 primary keys are always RSA).

And I guess, from the silence on this point, my question is answered: Even
though the RFC states that signatures are optional, even for primary keys,
implementations don't ordinarily import keys without them.


Or in some cases, reading the code.


Agreed.

-dlg
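
Added example (not part of the original message, and not code from any implementation mentioned in the thread): a sketch of the Iterated and Salted S2K from RFC 4880, showing how a 160-bit SHA-1 digest is extended to a longer key with extra hash contexts, together with a check for a digest narrower than the cipher key. The function names, the sample passphrase and salt, and the `hash_covers_key` rule are assumptions made for illustration.

```python
import hashlib

# RFC 4880 hash algorithm IDs -> (hashlib name, digest size in bits)
HASHES = {2: ("sha1", 160), 8: ("sha256", 256), 9: ("sha384", 384), 10: ("sha512", 512)}
# RFC 4880 symmetric algorithm IDs -> key size in bits (CAST5, AES-128, AES-192, AES-256)
CIPHER_KEY_BITS = {3: 128, 7: 128, 8: 192, 9: 256}


def decode_count(c):
    """Expand the one-octet coded count of an Iterated and Salted S2K specifier."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k_iterated_salted(passphrase, salt, coded_count, hash_id, key_bytes):
    """Derive key_bytes octets of key material (RFC 4880, section 3.7.1.3)."""
    if len(salt) != 8:
        raise ValueError("S2K salt must be 8 octets")
    name, _bits = HASHES[hash_id]
    data = salt + passphrase
    # salt+passphrase is always hashed at least once in full, even if count is smaller
    count = max(decode_count(coded_count), len(data))
    reps, rem = divmod(count, len(data))
    out, n = b"", 0
    while len(out) < key_bytes:
        h = hashlib.new(name)
        h.update(b"\x00" * n)  # context n is preloaded with n zero octets
        for _ in range(reps):
            h.update(data)
        h.update(data[:rem])
        out += h.digest()
        n += 1
    return out[:key_bytes]


def hash_covers_key(hash_id, cipher_id):
    """Hypothetical policy check: is one digest at least as wide as the cipher key?"""
    return HASHES[hash_id][1] >= CIPHER_KEY_BITS[cipher_id]


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real key.
    pw, salt = b"correct horse", bytes(range(8))
    for cipher_id in (7, 8):
        bits = CIPHER_KEY_BITS[cipher_id]
        key = s2k_iterated_salted(pw, salt, 96, 2, bits // 8)
        print(cipher_id, bits, hash_covers_key(2, cipher_id), key.hex())
```

With SHA-1 and a 192-bit key, the last four octets come from a second hash context over the same passphrase, so the derived key is longer than one digest without the passphrase having been hashed by a wider function.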