[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Problems with calculating signatures over keys



I'm trying to compute the signature over the DSA key and I'm rather confused.

I have generated DSA and El Gamal keys with Gnu Privacy Guard software.

First, how many octets there should be in the user id packet to define the length of the username?

It is said in the 5.2.4 that
"A V4 certification hashes the constant 0xb4 (which is an
  old-style packet header with the length-of-length set to zero), a
  four-octet number giving the length of the username, and then the
  username data."

However, in the key generated by GnuPG the length is given with only one octet. I have used the PGPdump interface (http://www.pgpdump.net) to visualize the key data, and the interface shows the data correctly, including the user id packet.

Here is the key packet:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.1 (MingW32)

mQGiBEKVbtERBACEIkiNrLzZZQYivsTw3qjUwBUBILzU9kJATnMZM+DaaF0BuTUX
+CZJVCZQViLG9tk9aFlzEMmImBokJmNkasCEWhwcoKKJjDqTTIUO0k21udKMD4RX
8r5Xp1FxhJYcLqfuo20l4G2pgUOZ7rE0hBL10btJrb6aJ9ava8mO/fXTNwCgwfIT
mrgCrwsBT6lp98BzAUKrO/cD/2UsSeZKwTX3Fr4sYqCHVRjBItTyFF+gB6UcT45Q
XmKtmhlSyZFxoWpXS7JA1KsdjUXUTv4dyjka3BcOk+fqnuPk+bo2+VI1oFJQmeFl
/Gtqk8OF3VTAuO8IzE9tghw6+aDM8UdnOZcoEtUe5WhdhnMKg/snspn3MxmKGgGw
YjhJA/sEHKVV8QIXcG32NdgnmE4y72jy4aI5OJpSHoRYGZjYVCQnRn6O2dyw9AVW
Qf/MwvsUqQNHkE6+C4X3MIAlWsCthlyWMFWjqsPxROBKv9pWXlcx0HnTlS5eW7Ad
sDCxx3hVnC2QDhSCsW6YiEPCN5wER6x9RWgvR0HL6UsOQHlCtrQoS2ltbW8gTWFr
ZWxhaW5lbiA8c3BpZGVyLTQxQGhvdG1haWwuY29tPoheBBMRAgAeBQJClW7RAhsD
BgsJCAcDAgMVAgMDFgIBAh4BAheAAAoJEMsqzv1NDtvR6KQAoJ64WQs7U2d/OBys
SPyLBjr842C9AJ9Y3bKFi7BQrrn0M1+9NOfesOVg27kBDQRClW7UEAQApytRIxA9
5X2h8ev7ApEgoLekTnEJSs0l1R+Y+MCMNgzSv2P5ODhS+8mMbvE5yTv5McA8is9s
SFIB+01P33LnyZOxXmegbBKa+hGR9MtqqRbw6gOQ16I1ymttjL47ZA8fdA/uInb1
jmiUVOVYUAxnpTSyeZugulTSKKggInvgYfsAAwUD/07+XJ2gSiwvT712CPLjYWhB
VWlVGR7dAOyD5bU29Khhy3oKPoFgoZpDatl3rabNldxYEudeLY20LZ/zntXxJlJx
/EfKW67wbqD/VqfhDqsKWjvdJW8ETkexkqSfP8uEE0T2CEJZm8RJSsNBioCxUWCt
CQUsmnEeMYCSfg+Tr0WgiEkEGBECAAkFAkKVbtQCGwwACgkQyyrO/U0O29G9/QCe
L511HAkscEwbacdTLgJ8f9DqRVcAnRHOIEphW7zM+NZSZum56ygtu3Z5
=eV1b
-----END PGP PUBLIC KEY BLOCK-----

The "raw" data of the key is attached to this message.

My main problem is that I can't calculate the correct hash value. PGPdump shows that the two left bytes of the calculated hash value over the keypacket + user id packet + signature packet are 0xE8 and 0xA4.

In 5.2.4 is also said that

"V4 signatures also hash in a final trailer of six octets: the version
  of the signature packet, i.e. 0x04; 0xFF; a four-octet, big-endian
  number that is the length of the hashed data from the signature
  packet (note that this number does not include these final six
  octets."

I haven't found an unambiguous explanation for the length bytes. Is it the length of the whole data being hashed (from the public key packet through the end of the hashed subpacket data of signature packet) or just from the version number of the signature packet through the end of hashed subpacket data?

I have studied old messages from the mailing list. For example in http://www.imc.org/ietf-openpgp/mail-archive/msg02966.html the structure of the explained like this:

(header data)
0x99
2 octet length
key packet body data

(user id data)
0xb4
4 octet length
username data

(signature trailer)

version field to end of hashable data



V4 signature trailer
0x04
0xFF
4 octet length

I think the structure is otherwise clear, but what should be done with the length of the user name? If I add three bytes to the key generated with the GnuPG, I still can't get the hash value to match with the two bytes GnuPG has calculated.

Best regards,
Kimmo Mäkeläinen

_________________________________________________________________
3 vrk:n sääennuste http://www.msn.fi/uutiset/saa

Attachment: pubring.gpg
Description: Binary data