How to Calculate Signatures?

Ben Laurie <ben@algroup.co.uk> Sat, 02 April 2005 17:13 UTC

Message-ID: <424ECD2F.1090601@algroup.co.uk>
Date: Sat, 02 Apr 2005 17:49:51 +0100
From: Ben Laurie <ben@algroup.co.uk>
To: OpenPGP <ietf-openpgp@imc.org>
Subject: How to Calculate Signatures?

Once more referring to 2440bis-12...

The sections on calculating signatures are really confusing. I can't 
currently suggest alternate text for most of it because it's far from 
clear to me what the actual algorithms are. If someone explains, I'll do 
my best to write clarifying text.

Firstly:

5.2.2 says:

    The signature calculation is based on a hash of the signed data, as
    described above.

Until I wrote this email, I thought this sentence meant the signature 
calculation was described above. I've just realised it means that the 
hash is described above. I suggest instead:

    The signature calculation is based on the hash of the signed data
    described above.

Though since the hash is described much more usefully in 5.2.4, perhaps 
it should simply refer to that instead?

It then goes on to say:

    The details of the calculation are different for
    DSA signature than for RSA signatures.

    The hash h is PKCS-1 padded exactly the same way as for the above
    described RSA signatures.

For the life of me, I can't see an "above described RSA signature" - 
where is that? PKCS-1 is mentioned before, but for encryption, not signing.

It then goes on to describe truly revolting nastiness about PKCS-1 
(shouldn't that be written PKCS#1, incidentally?) for doing RSA 
signatures, but never, as far as I can see, says how to do a DSA 
signature. From experiment, it seems to me that a DSA signature is done 
directly on the hash, without any manipulation at all. Correct?

Then in 5.2.3:

    The algorithms for converting the hash function result to a
    signature are described in a section below.

Firstly, it would be much more friendly to say _which_ section below, 
rather than leaving the reader to guess. I'd fill that in if I could 
find the section, but I can't. The nearest I can get is 5.2.4, which says:

    After all this has been hashed in a single hash context the
    resulting hash field is used in the signature algorithm, and placed
    at the end of the signature packet.

And that appears to be it, as far as signature algorithms are concerned. 
Reading between the lines, I'm assuming that what this really means is 
that the algorithms used are exactly what I'd expect, i.e. DSA directly 
on the hash, and RSA with PKCS#1 padding and the, err, other stuff. But 
references to further descriptions that I can't find leave me in doubt!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
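
Added example, not part of the original message or of the draft: a Python sketch of the two hash-to-signature-input conversions the message asks about, assuming the standard PKCS#1 v1.5 signature encoding (EMSA-PKCS1-v1_5) for RSA and the bare hash value for DSA. The function names and sample data are constructed for illustration, and the digest stands in for the hash described in 5.2.4.

```python
import hashlib
import hmac

# ASN.1 DigestInfo prefixes defined by PKCS#1 v1.5 for each hash algorithm.
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v15(digest: bytes, hash_name: str, modulus_bytes: int) -> bytes:
    """Return 00 01 FF..FF 00 || DigestInfo prefix || digest, modulus-sized."""
    if len(digest) != hashlib.new(hash_name).digest_size:
        raise ValueError("digest length does not match the hash algorithm")
    t = DIGESTINFO_PREFIX[hash_name] + digest
    pad_len = modulus_bytes - len(t) - 3
    if pad_len < 8:  # PKCS#1 requires at least eight 0xFF padding bytes
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t


def rsa_signature_input(digest: bytes, hash_name: str, modulus_bytes: int) -> int:
    """Integer m that the RSA private-key operation (m^d mod n) is applied to."""
    return int.from_bytes(emsa_pkcs1_v15(digest, hash_name, modulus_bytes), "big")


def dsa_signature_input(digest: bytes) -> int:
    """DSA takes the hash as an integer, with no padding or ASN.1 wrapper.

    Assumption: the digest is no longer than q (e.g. SHA-1 with a 160-bit q).
    """
    return int.from_bytes(digest, "big")


def rsa_block_matches(recovered: bytes, digest: bytes, hash_name: str) -> bool:
    """Verifier side: re-encode and compare the whole block, rather than
    parsing the padding, so malformed padding is never accepted."""
    try:
        expected = emsa_pkcs1_v15(digest, hash_name, len(recovered))
    except ValueError:
        return False
    return hmac.compare_digest(recovered, expected)


if __name__ == "__main__":
    sample = hashlib.sha1(b"constructed sample data").digest()
    print(emsa_pkcs1_v15(sample, "sha1", 128).hex())
    print(hex(dsa_signature_input(sample)))
```
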