[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: final q re sigs.



From: Erron Criddle <ejc@comasp.com>
Subject: final q re sigs.
Date: Mon, 24 Jul 2000 11:05:50 +0800
Message-ID: <4.3.2.7.0.20000724104343.00b30ed0@mail.comasp.com>

...

> Let's assume: (a) = actual data, (b) = signature data to be hashed (incl. 
> subpackets), (c) = last six octets
> 
> My question is, for a version 4 sig using DSA and SHA1, do we:
> 
> 1) H(a) + H(b) + H(c) = 480 bit value, then hash this to produce the final 
> hash value (before sig. alg.)

i don't think it is this.

as Hal mentioned in an earlier post, a "more complete description of
exactly what is hashed" is given in section 5.2.4.  you'll note that
in his post, he suggested that other sections might refer to section
5.2.4.  that seems like a good idea to me.

> 2) H(a + b + c) = 160 bit value to be fed into the sig. alg.

i think it's closest to this.  my interpretation is:

H(actual data + 
  version + signature type + pubkey algo + hash algo + 
  hashed subpacket length + hashed subpackets +
  0x04 + 0xff + length of hashed data from sig packet)

or

H(actual data +
  fields of sig packet from version through hashed subpackets +
  trailer of six octets a la section 5.2.4)

perhaps someone else can confirm ;-)

note that your definition of (b) says "incl. subpackets", but
actually, you don't include unhashed subpackets...but you probably
meant that anyway, right?