[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.1, 2.2 and 10.2 Clarification re sigs.



> that is, should the specification say:
>
>  Signed Message :- OpenPGP Message, Signature Packet | One-Pass Signed Message
>
> or
>
>  Signed Message :- Signature Packet, OpenPGP Message | One-Pass Signed Message

The spec is correct; it is the latter.  Signature packets have *always*
come at the front, since back in PGP 1.0.  If you have seen messages
that were different (and not one-pass signed messages), you have seen
invalid messages.

With regard to Erron Criddle's earlier question:

> To me, "attached" (as in 2.1 and 2.2) means you add it to the end of 
> something and this contradicts 10.2 explanation of a Signed Message (a 
> signed message implies that it is prepended, not attached).

Not to me.  That word would be "appended".  "Attached" is not meant to
imply any ordering.  2.1 and 2.2 are meant to give a very rough overview
of the steps involved in creating an OpenPGP message, not to be a detailed
specification of the process.  That is for the rest of the document.

> By reading section 10.2, it seems that there are two possibilities for 
> signing a literal message:
>
> 1) You create a signature packet then prepend it to the literal packet
>
> 2) You create a signature packet and a One-Pass Signature Packet then 
> prepend the One-Pass packet to the literal packet and append the signature 
> packet to the literal packet.
>
> Therefore, my final questions are:
>
> 1) Can you create a simple signature packet and attach it to the end of a 
> literal packet as stated in 2.1 and 2.2 and subsequently contradict 10.2 
> regarding the definition of a signed message and:

2.1 and 2.2 don't say that, and you can't do this.

> 2) Why would you need a One-Pass Signature Packet if we conform to 10.2 and 
> simply prepend a normal signature packet to the literal data with a 
> subpacket of type 16 (key id), thus removing the need for a One-Pass packet 
> in the first place?

This is so that the signer can process the message in one pass.
He doesn't know the hash until he comes to the end of the message,
so he can't compute the signature until that time.  With the old-style
signature packets he would then have to go back to the beginning of the
message and put the sig there, preventing one-pass processing.

Hal