Question about verifying signatures
Stephen Paul Weber <singpolyma@singpolyma.net> Tue, 30 March 2010 20:20 UTC
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id o2UKKpr3027207 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 30 Mar 2010 13:20:51 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id o2UKKp4x027206; Tue, 30 Mar 2010 13:20:51 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from fg-out-1718.google.com (fg-out-1718.google.com [72.14.220.157]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id o2UKKnk7027200 for <ietf-openpgp@imc.org>; Tue, 30 Mar 2010 13:20:50 -0700 (MST) (envelope-from singpolyma@gmail.com)
Received: by fg-out-1718.google.com with SMTP id d23so210298fga.4 for <ietf-openpgp@imc.org>; Tue, 30 Mar 2010 13:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:date:from:to:subject :message-id:mime-version:content-type:content-disposition:jabber-id :openpgp:x-url:user-agent; bh=gArS8Avzbuso1K1Pj+2BiC+Wt7vM3dp/Z8VREVhsXQI=; b=MFIrLYXRK33CSmNU2z/+Y9Qdp9wy61/JJ4NnxVr+vNYiaDt1SY3evmcDp7r6r/mYiH LxQQ060jMxs2Jbcu1r+S9nMYQVCtpSjAr6/YYYVtmkz4J/rho3V6orWWFDJrAITqM7CU eQtLEtjm6kChmohzE5QqUMZDmEA9wsTyRAGkk=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:subject:message-id:mime-version:content-type :content-disposition:jabber-id:openpgp:x-url:user-agent; b=pY2LJuNsa0M/cfJm99JdF1k/fHcPcsFZBmhleS2l9OeNtZ/AHG+t9C875YkGnZF2PR /9CvntJ69Fxxyr39ldQ5wzv52FjFWCH0FOU4r5yU+MC4VdNjboRg+mjEAY462z3nBdV4 HdQUWMrPG9P6dO2OYoNq8AhQBTbDY/4rHmVXg=
Received: by 10.87.74.30 with SMTP id b30mr6940723fgl.6.1269980449040; Tue, 30 Mar 2010 13:20:49 -0700 (PDT)
Received: from localhost ([66.49.154.250]) by mx.google.com with ESMTPS id 15sm4309019fxm.3.2010.03.30.13.20.46 (version=TLSv1/SSLv3 cipher=RC4-MD5); Tue, 30 Mar 2010 13:20:47 -0700 (PDT)
Date: Tue, 30 Mar 2010 15:20:49 -0500
From: Stephen Paul Weber <singpolyma@singpolyma.net>
To: ietf-openpgp@imc.org
Subject: Question about verifying signatures
Message-ID: <20100330202049.GA21672@mediacentre>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; x-action="pgp-signed"
Content-Disposition: inline
Jabber-ID: singpolyma@gmail.com
OpenPGP: id=CE519CDE; url=https://singpolyma.net/public.asc
X-URL: https://singpolyma.net
User-Agent: Mutt/1.5.20 (2009-06-14)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 I'm reading RFC4880 in an attempt to produce an implementatdion of a subset of OpenPGP (RSA signatures) using <http://phpseclib.sourceforge.net/>. I have the publickey and compression-literal-signature packets parsed out. I can extract n and e and feed them to Crypt_RSA to construct a verifier. I tell it I'm using sha256. It then needs a "message" and a "signature" parametre. I get the signature data out of the signature packet no problem. The question I have is: what is "message"? According to section 5.2.4 it's some combination of the literal data packet(s?) (their bodies or the whole packet?) and the "hashed" subpackets. Do I just concat all the data packets and the hashed packets together in the order they appear? Thanks. - -- Stephen Paul Weber, @singpolyma Please see <http://singpolyma.net> for how I prefer to be contacted. edition right joseph -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQIcBAEBCAAGBQJLsl0hAAoJENEcKRHOUZzeeiEQALIrdMesbnGdz28npdEDun6U JyZP+WpUBI0RFESTs3VNTkvvxnNOCuQrg6PDHn10b/06b3hgbpicplAWBglGJSHd P7/0CG4ADa3yTapyEKZy9lKbjj6s5gUuz6PJVvw+Ph5XIxDfNM3EHRSoHZERaPPI Cs7ohUE7sxLO2Q8AYxwAQelWdzhCOONDq4WFciXp+ziI9lFVKgZKxFVAOvOLwi3s EFDpV/6qoVWC5XBJhZPbwHcOaLbBVGwSDnA+lI1JCwtdN1HGsQnnD3fvMSjGsICv +skfheEpoQI2x8WBq928d5cbuxQaTVKY3aHFT8DyjROUv6tAwaMWObCJ5/+GEy/8 YNAx/ba/NdCBHYFFySlvVV7xvKCeT19t9LeEKys8fbIcrNj3ULP5cNro6hfTc+2d zu4VcbWIiJ57MuGFks15ear+6O1UN5JLGTSkz1aQx4Tb+5TqliwWRsu+tSJWlUK8 LY5BFf5AZ5w5GF0aGWMMfNj3mHkMkeqL2q1LXoIW9qjikCZRLksn4umS4mf3pM5T 1tEJJ/zfdAeP/4fKrV97vi1Ez7IbOCu+JheRwANTUbdQNWg5ajFF5uf2zxHKsKUN gRlFzVVgBK4oJyF3tx13oBKFEV8I6B6fhtGi7pkikI6R0UyAklD0jkGMJuD2i3FQ Gl/I+wEUGcvsdTFQxK5B =HiOM -----END PGP SIGNATURE-----
- Re: Question about verifying signatures Stephen Paul Weber
- Re: Question about verifying signatures David Shaw
- Re: Question about verifying signatures Stephen Paul Weber
- Re: Question about verifying signatures Wim Lewis
- Question about verifying signatures Stephen Paul Weber