Re: Signature Subpacket 10?
David Shaw <dshaw@jabberwocky.com> Thu, 30 June 2005 13:29 UTC
Date: Thu, 30 Jun 2005 09:01:02 -0400
From: David Shaw <dshaw@jabberwocky.com>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Re: Signature Subpacket 10?

On Thu, Jun 30, 2005 at 01:13:02PM +0100, Ben Laurie wrote:

> Aha. Well, I'd like to be able to extract the data, just for
> completeness. Does anyone have a format for the packet?

I believe it is the same as the format for the designated revocation
subpacket (#12). A class byte, followed by an algorithm byte for the
public key algorithm of the key being ARR-ed to, followed by the (V4)
fingerprint of the ARR key.

The class byte has bits defined to express "please follow this ARR" or
"you must follow this ARR", but I'm afraid I don't know which bits
mean what offhand.

David

From: Ben Laurie <ben@algroup.co.uk>
To: Ian Grigg <iang@systemics.com>
Subject: Re: Signature Subpacket 10?
Date: Thu, 30 Jun 2005 13:13:02 +0100

Ian Grigg wrote:
> On Thursday 30 June 2005 11:30, Werner Koch wrote:
>
>>On Thu, 30 Jun 2005 09:27:40 +0100, Ben Laurie said:
>>
>>>I see it is reserved "for backward compatibility". I'm curious to
>>>know: what's in this packet? Is it documented somewhere?
>>
>>  SIGSUBPKT_ARR =10, /* additional recipient request */
>>
>>aka additional decryption key.
>
> A little background. This was added by the old
> PGP Inc company for commercial users so as to
> escrow email. If a key had this subpacket, you
> would encrypt to that additional key as well.
>
> The notion was that it should go
> in the standard, but that was politically charged
> at the time - indeed Louis Freeh stood up in
> front of Congress and used this very feature as
> proof that it was possible to force all crypto
> programs to escrow messages for the FBI...
>
> The compromise that was reached was that it
> not be documented in the standard. I don't
> know if GPG implements it, or even if the PGP
> line still includes it. I think architecturally speaking,
> such a feature is better off in the proxy products,
> and layered over the top at the admin level
> rather than put in the tech. I think it is relatively
> safe to ignore it.

Aha. Well, I'd like to be able to extract the data, just for
completeness. Does anyone have a format for the packet?

Cheers,

Ben.

--
>>>ApacheCon Europe<<< http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

From: Werner Koch <wk@gnupg.org>
To: Ian Grigg <iang@systemics.com>
Subject: Re: Signature Subpacket 10?
Date: Thu, 30 Jun 2005 13:52:27 +0200

On Thu, 30 Jun 2005 12:16:26 +0100, Ian Grigg said:

> at the time - indeed Louis Freeh stood up in
> front of Congress and used this very feature as
> proof that it was possible to force all crypto
> programs to escrow messages for the FBI...

I did not know that; interesting. The ARR became known due to a bug in
the implementation at that time.

> not be documented in the standard. I don't
> know if GPG implements it, or even if the PGP

No, never did it. We only have a warning for that bug:

    if ( type == SIGSUBPKT_ARR && !hashed ) {
        fprintf (listfp,
                 "\tsubpkt %d len %u (additional recipient request)\n"
                 "WARNING: PGP versions > 5.0 and < 6.5.8 will automagically "
                 "encrypt to this key and thereby reveal the plaintext to "
                 "the owner of this ARR key. Detailed info follows:\n",
                 type, (unsigned)length );
    }

Shalom-Salam,

   Werner
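
Added example, not part of any message in this thread and not GnuPG's or PGP's code: a C walker for one signature subpacket area that extracts subpacket 10 using the layout David Shaw describes (class byte, algorithm byte, 20-byte V4 fingerprint) and applies the same unhashed-area condition as the GnuPG check quoted above. The struct and function names, the sample bytes and the class-byte value are constructed for illustration; the length encoding follows RFC 4880 section 5.2.3.1.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SIGSUBPKT_ARR 10          /* value quoted from GnuPG in the thread */
#define V4_FPR_LEN    20          /* a V4 fingerprint is a SHA-1 digest */
#define ARR_BODY_LEN  (2 + V4_FPR_LEN)

struct arr_info {                 /* hypothetical name, layout per David Shaw's reply */
    uint8_t class_byte;           /* bit meanings are not given in the thread */
    uint8_t pk_algo;              /* public-key algorithm of the ARR key */
    uint8_t fpr[V4_FPR_LEN];      /* V4 fingerprint of the ARR key */
    int     hashed;               /* 1 if found in the hashed subpacket area */
};

/* Decode a subpacket length header (RFC 4880, section 5.2.3.1).
 * Returns the number of octets consumed, or 0 if the header is truncated. */
static size_t read_len(const uint8_t *p, size_t avail, size_t *len)
{
    if (avail < 1) return 0;
    if (p[0] < 192) { *len = p[0]; return 1; }
    if (p[0] < 255) {
        if (avail < 2) return 0;
        *len = ((size_t)(p[0] - 192) << 8) + p[1] + 192;
        return 2;
    }
    if (avail < 5) return 0;
    *len = ((size_t)p[1] << 24) | ((size_t)p[2] << 16) |
           ((size_t)p[3] << 8) | p[4];
    return 5;
}

/* Walk one subpacket area and collect ARR subpackets. The caller says whether
 * this is the hashed or the unhashed area. Returns the number of ARR
 * subpackets found (at most max_out are stored), or -1 if malformed. */
int find_arr(const uint8_t *area, size_t area_len, int hashed,
             struct arr_info *out, int max_out)
{
    size_t pos = 0;
    int found = 0;

    while (pos < area_len) {
        size_t len;
        size_t n = read_len(area + pos, area_len - pos, &len);
        if (n == 0) return -1;
        pos += n;
        /* len counts the type octet, so it is at least 1 and must fit. */
        if (len == 0 || len > area_len - pos) return -1;

        if ((area[pos] & 0x7f) == SIGSUBPKT_ARR) {  /* bit 7 is the critical flag */
            const uint8_t *body = area + pos + 1;
            if (len - 1 != ARR_BODY_LEN) return -1;
            if (found < max_out) {
                out[found].class_byte = body[0];
                out[found].pk_algo    = body[1];
                memcpy(out[found].fpr, body + 2, V4_FPR_LEN);
                out[found].hashed     = hashed;
            }
            found++;
        }
        pos += len;
    }
    return found;
}

/* Same condition as the GnuPG check quoted above: type == ARR && !hashed. */
int arr_needs_warning(const struct arr_info *a) { return !a->hashed; }

/* Constructed sample area: a creation-time subpacket (type 2), then an ARR. */
static const uint8_t SAMPLE_AREA[] = {
    0x05, 0x02, 0x42, 0xc3, 0xac, 0xfc,
    0x17, 0x0a,                   /* length 23, type 10 */
    0x80,                         /* class byte (arbitrary constructed value) */
    0x10,                         /* algorithm 16, Elgamal in the OpenPGP registry */
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99,
    0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff, 0x01, 0x23, 0x45, 0x67
};

/* Helpers over the sample; cut drops bytes from the end to simulate truncation. */
int sample_count(size_t cut)
{
    struct arr_info a;
    return find_arr(SAMPLE_AREA, sizeof SAMPLE_AREA - cut, 0, &a, 1);
}

int sample_warns(int hashed)
{
    struct arr_info a;
    if (find_arr(SAMPLE_AREA, sizeof SAMPLE_AREA, hashed, &a, 1) != 1) return -1;
    return arr_needs_warning(&a);
}

int sample_algo(void)
{
    struct arr_info a;
    if (find_arr(SAMPLE_AREA, sizeof SAMPLE_AREA, 1, &a, 1) != 1) return -1;
    return a.pk_algo;
}

int main(void)
{
    printf("ARR subpackets: %d, algo %d, warn if unhashed: %d\n",
           sample_count(0), sample_algo(), sample_warns(0));
    return 0;
}
```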

From: Ian Grigg <iang@systemics.com>
To: Ben Laurie <ben@algroup.co.uk>
Subject: Re: Signature Subpacket 10?
Date: Thu, 30 Jun 2005 12:16:26 +0100

On Thursday 30 June 2005 11:30, Werner Koch wrote:
>
> On Thu, 30 Jun 2005 09:27:40 +0100, Ben Laurie said:
>
> > I see it is reserved "for backward compatibility". I'm curious to
> > know: what's in this packet? Is it documented somewhere?
>
>   SIGSUBPKT_ARR =10, /* additional recipient request */
>
> aka additional decryption key.

A little background. This was added by the old
PGP Inc company for commercial users so as to
escrow email. If a key had this subpacket, you
would encrypt to that additional key as well.

The notion was that it should go
in the standard, but that was politically charged
at the time - indeed Louis Freeh stood up in
front of Congress and used this very feature as
proof that it was possible to force all crypto
programs to escrow messages for the FBI...

The compromise that was reached was that it
not be documented in the standard. I don't
know if GPG implements it, or even if the PGP
line still includes it. I think architecturally speaking,
such a feature is better off in the proxy products,
and layered over the top at the admin level
rather than put in the tech. I think it is relatively
safe to ignore it.

iang
--
Advances in Financial Cryptography, Issue 2:
https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting

From: Werner Koch <wk@gnupg.org>
To: Ben Laurie <ben@algroup.co.uk>
Subject: Re: Signature Subpacket 10?
Date: Thu, 30 Jun 2005 12:30:15 +0200

On Thu, 30 Jun 2005 09:27:40 +0100, Ben Laurie said:

> I see it is reserved "for backward compatibility". I'm curious to
> know: what's in this packet? Is it documented somewhere?

  SIGSUBPKT_ARR =10, /* additional recipient request */

aka additional decryption key.

Salam-Shalom,

   Werner

From: Ben Laurie <ben@algroup.co.uk>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: Signature Subpacket 10?
Date: Thu, 30 Jun 2005 09:27:40 +0100

I see it is reserved "for backward compatibility". I'm curious to
know: what's in this packet? Is it documented somewhere?

Cheers,

Ben.

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: ben@algroup.co.uk, pgut001@cs.auckland.ac.nz
Subject: Re: Power function PGP math library?
Date: Wed, 22 Jun 2005 13:16:28 +1200

Ben Laurie <ben@algroup.co.uk> writes:

>Peter Gutmann wrote:
>>>openssl
>>
>>The code is the crypto equivalent of Heathrow Airport.
>
>The bignum code is reasonably OK :-)

I'd always seen that as the bit with all the excavators :-).

Peter.

From: Ben Laurie <ben@algroup.co.uk>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Subject: Re: Power function PGP math library?
Date: Tue, 21 Jun 2005 16:55:35 +0100

Peter Gutmann wrote:
>>openssl
>
> The code is the crypto equivalent of Heathrow Airport.

The bignum code is reasonably OK :-)

From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: hal@finney.org, ietf-openpgp@imc.org, spider-41@hotmail.com
Subject: Re: Power function PGP math library?
Date: Fri, 17 Jun 2005 23:24:35 +1200

hal@finney.org ("Hal Finney") writes:

>I have to say that I think there are better choices for math libraries these
>days than that old code. gmp, crypto++ and openssl are three that I have
>used and are good quality. I've also heard good things about libtommath.
>You can find more about any of these via google.

Some thoughts:

>gmp,

Needs GNU-everything-else in order to build, a problem if you're targeting
multiple platforms and need to use non-GNU tools (e.g. VC++).

>crypto++

Extreme C++, both in the code style and the requirements it places on
compilers.

>openssl

The code is the crypto equivalent of Heathrow Airport.

>libtommath

Very nice, although it suffers the no-visible-means-of-support problem that
killed the earlier (and equally nice) bnlib: What happens if the author gets
tired of maintaining it?

Peter.

From: hal@finney.org ("Hal Finney")
To: ietf-openpgp@imc.org, spider-41@hotmail.com
Subject: Re: Power function PGP math library?
Date: Thu, 16 Jun 2005 23:25:28 -0700 (PDT)

Kimmo writes:
> I need to verify the DSA signature in my application, and the verifier has
> to compute these parameters, which are defined in the DSS (Digital Signature
> Standard).
>
> w = (s')^-1 mod q
> u1 = ((SHA(M')w) mod q
> u2 = ((r')w) mod q
> v = (((g)^u1 * (y^u2) mod p) mod q
>
> I'm using the PGP math library in calculation. The problem is how to calculate
> parameter v.
>
> The parameters g (power to u1) and y (power to u2) should be calculated
> first and then these factors should be calculated together and so on. But
> there isn't a function in the math library to calculate powers. The
> calculation could be done with mp_mult, but it is a very slow way to do it.

If you are using the math library I think, the one that came with the
old, old version 2.x of PGP, you can look at a web page I wrote back in
1993 that describes the math library,
http://www.finney.org/~hal/pgp_math_lib.html.

There you will see that there is in fact a function to calculate powers,
mp_modexp. This does a modular exponentiation, so you would use p as
the modulus to calculate g^u1 and y^u2, then multiply them together
using mp_modmult. Note that mp_modmult does not take a modulus parameter,
rather you have to call stage_modulus with p before calling mp_modmult.
Then you can use mp_mod to take v mod q.

I have to say that I think there are better choices for math libraries
these days than that old code. gmp, crypto++ and openssl are three that
I have used and are good quality. I've also heard good things about
libtommath. You can find more about any of these via google.

Hal Finney

From: "Konrad Rosenbaum" <konrad@silmor.de>
To: Kimmo Mäkeläinen <spider-41@hotmail.com>
Subject: Re: Power function PGP math library?
Date: Fri, 17 Jun 2005 09:08:21 +0200 (CEST)

Kimmo Mäkeläinen said:
> v = (((g)^u1 * (y^u2) mod p) mod q
>
> I'm using the PGP math library in calculation. The problem is how to calculate
> parameter v.
>
> The parameters g (power to u1) and y (power to u2) should be calculated
> first and then these factors should be calculated together and so on. But
> there isn't a function in the math library to calculate powers. The
> calculation could be done with mp_mult, but it is a very slow way to do it.

Basic modular math:

(g^u1 * y^u2) mod p == ( ((g^u1)mod p) * ((y^u2) mod p) ) mod p

you do not really want to calculate g^u1 or y^u2 since it will be a Really
Big Number [tm].
Konrad Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j5H5tGIt020792; Thu, 16 Jun 2005 22:55:16 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j5H5tG14020791; Thu, 16 Jun 2005 22:55:16 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from hotmail.com (bay18-f3.bay18.hotmail.com [65.54.187.53]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j5H5tF72020725 for <ietf-openpgp@imc.org>; Thu, 16 Jun 2005 22:55:15 -0700 (PDT) (envelope-from spider-41@hotmail.com) Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Thu, 16 Jun 2005 22:55:10 -0700 Message-ID: <BAY18-F349DEB902B40CD35684C9FEF40@phx.gbl> Received: from 193.210.155.190 by by18fd.bay18.hotmail.msn.com with HTTP; Fri, 17 Jun 2005 05:55:10 GMT X-Originating-IP: [193.210.155.190] X-Originating-Email: [spider-41@hotmail.com] X-Sender: spider-41@hotmail.com From: =?iso-8859-1?B?S2ltbW8gTeRrZWzkaW5lbg==?= <spider-41@hotmail.com> To: ietf-openpgp@imc.org Subject: Power function PGP math library? Date: Fri, 17 Jun 2005 08:55:10 +0300 Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1; format=flowed X-OriginalArrivalTime: 17 Jun 2005 05:55:10.0634 (UTC) FILETIME=[1F3F70A0:01C57301] Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Hey, I need to verify the DSA signature in my application, and the verifier has to compute these parameters, which are defined in the DSS (Digital Signature Standard). w = (s')^-1 mod q u1 = ((SHA(M')w) mod q u2 = ((r')w) mod q v = (((g)^u1 * (y^u2) mod p) mod q I'm using PGP math library in calculation. 
The problem is how to calculate parameter v. The parameters g (power to u1) and y (power to u2) should be calculated first and then these factors should be calculated together and so on. But there isn't a function in the math library to calculate powers. The calculation could be done with mp_mult, but it is very slow way to do it. Best regards, Kimmo _________________________________________________________________ Nopea ja hauska tapa lähettää viestejä reaaliaikaisesti - MSN Messenger. http://messenger.msn.fi Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j5776PBK062815; Tue, 7 Jun 2005 00:06:25 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org) Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j5776PvK062814; Tue, 7 Jun 2005 00:06:25 -0700 (PDT) X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j5776NNZ062785 for <ietf-openpgp@imc.org>; Tue, 7 Jun 2005 00:06:24 -0700 (PDT) (envelope-from ben@algroup.co.uk) Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 058C833C1A; Tue, 7 Jun 2005 08:06:24 +0100 (BST) Message-ID: <42A546F5.4090000@algroup.co.uk> Date: Tue, 07 Jun 2005 08:04:21 +0100 From: Ben Laurie <ben@algroup.co.uk> User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Derek Atkins <derek@ihtfp.com> CC: Hal Finney <hal@finney.org>, ietf-openpgp@imc.org, spider-41@hotmail.com Subject: Re: Problems with calculating signatures over keys References: <20050526153429.2EE6957E8C@finney.org> <sjmu0kqq68x.fsf@cliodev.pgp.com> In-Reply-To: <sjmu0kqq68x.fsf@cliodev.pgp.com> X-Enigmail-Version: 0.89.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=ISO-8859-1; 
format=flowed Content-Transfer-Encoding: 7bit Sender: owner-ietf-openpgp@mail.imc.org Precedence: bulk List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/> List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe> List-ID: <ietf-openpgp.imc.org> Derek Atkins wrote: > Hal, > > <chair hat> > > hal@finney.org ("Hal Finney") writes: > > >>We might want to consider some "test vectors" in the RFC which work >>through the process of verifying a signature. We'd show the key and >>associated packets, and then show the exact sequence of bytes which >>gets hashed. I think that would be a big help to implementors. > > > I agree that this would be a boon to implementors. Do you want to > volunteer to do this? :) > > >>Unfortunately once we open the door to including such an example, >>there are a lot of other things we might need to show. The public key >>signature operations themselves, signatures on text and binary messages, >>encryption and decryption, encrypt+sign, etc. We could almost use a >>separate RFC just with examples as an aid to implementors. > > > I also agree that a separate "Test Vectors" draft would be the right > place to put it. It could even be an informational draft instead of a > standards-track draft, but it could still be called something like: > draft-ietf-openpgp-test-vectors > > >>Hal Finney > > > Are there any objections from the WG to doing this? As chair I think > it's a good idea and would welcome a test vectors draft. Sounds good to me. -- http://www.apache-ssl.org/ben.html http://www.thebunker.net/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
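
The DSS verification steps from the "Power function PGP math library?" messages above, worked through in C as an added example that is not part of the original thread and is not the PGP math library's code. The function names (modmul, modexp, dsa_verify) and the toy parameters are assumptions constructed for illustration; it uses 64-bit integers in place of a bignum library, so every modulus must stay below 2^32.

```c
#include <stdint.h>
#include <stdio.h>

/* (a * b) mod m; m must be below 2^32 so the product fits in 64 bits. */
static uint64_t modmul(uint64_t a, uint64_t b, uint64_t m) {
    return (a % m) * (b % m) % m;
}

/* base^exp mod m by square-and-multiply: reducing after every step keeps
   each intermediate value below m^2, so g^u1 is never formed in full. */
static uint64_t modexp(uint64_t base, uint64_t exp, uint64_t m) {
    uint64_t result = 1 % m;
    base %= m;
    while (exp > 0) {
        if (exp & 1)
            result = modmul(result, base, m);
        base = modmul(base, base, m);
        exp >>= 1;
    }
    return result;
}

/* DSS verification: returns 1 if (r, s) is a valid signature on hash h
   under public key y and domain parameters (p, q, g), otherwise 0. */
static int dsa_verify(uint64_t p, uint64_t q, uint64_t g, uint64_t y,
                      uint64_t h, uint64_t r, uint64_t s) {
    if (r == 0 || r >= q || s == 0 || s >= q)
        return 0;                        /* DSS requires 0 < r, s < q */
    uint64_t w  = modexp(s, q - 2, q);   /* s^-1 mod q, valid since q is prime */
    uint64_t u1 = modmul(h, w, q);
    uint64_t u2 = modmul(r, w, q);
    /* ((g^u1 mod p) * (y^u2 mod p)) mod p, then mod q */
    uint64_t v  = modmul(modexp(g, u1, p), modexp(y, u2, p), p) % q;
    return v == r;
}

int main(void) {
    /* Constructed toy values: p=23, q=11, g=4, private x=7, y=4^7 mod 23=8;
       hash h=5 signed with k=3 gives r=7, s=7. */
    printf("valid signature: %d\n", dsa_verify(23, 11, 4, 8, 5, 7, 7));
    printf("tampered hash:   %d\n", dsa_verify(23, 11, 4, 8, 6, 7, 7));
    return 0;
}
```

With real DSA parameter sizes the same three steps map onto a bignum library's modular exponentiation, modular multiplication and reduction calls.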
- Signature Subpacket 10? Ben Laurie
- Re: Signature Subpacket 10? Werner Koch
- Re: Signature Subpacket 10? Ian Grigg
- Re: Signature Subpacket 10? Werner Koch
- Re: Signature Subpacket 10? Ben Laurie
- Re: Signature Subpacket 10? David Shaw
- Re: Signature Subpacket 10? Jon Callas
- Freeh testimony mentioning ADK (Re: Signature Sub… Adam Back
- Re: Freeh testimony mentioning ADK (Re: Signature… Ian Grigg