Re: [openpgp] New fingerprint: to v5 or not to v5

Werner Koch <wk@gnupg.org> Sun, 04 October 2015 18:26 UTC

From: Werner Koch <wk@gnupg.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
References: <878u84zy4r.fsf@vigenere.g10code.de> <87fv1xxe5w.fsf@alice.fifthhorseman.net> <87r3lgcup8.fsf@vigenere.g10code.de> <CACsn0c=-LKagSqTbgOV1W4Gu4u-f6vpVq82-nWSLGogjoeFKeg@mail.gmail.com> <CAMm+LwjeKDKnN2ZAisbKhWVS4kwCEm_VvcZ1MtftYzEJQpGdhg@mail.gmail.com>
Organisation: g10 Code GmbH
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: Phillip Hallam-Baker <phill@hallambaker.com>, Watson Ladd <watsonbladd@gmail.com>, IETF OpenPGP <openpgp@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Sun, 04 Oct 2015 20:22:06 +0200
In-Reply-To: <CAMm+LwjeKDKnN2ZAisbKhWVS4kwCEm_VvcZ1MtftYzEJQpGdhg@mail.gmail.com> (Phillip Hallam-Baker's message of "Sat, 3 Oct 2015 21:50:16 -0400")
Message-ID: <87y4fi5wa9.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/cql2XBwjbd15nCl6AKevn5Wp3QY>
Cc: Watson Ladd <watsonbladd@gmail.com>, IETF OpenPGP <openpgp@ietf.org>, Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Subject: Re: [openpgp] New fingerprint: to v5 or not to v5
Precedence: list

On Sun,  4 Oct 2015 03:50, phill@hallambaker.com said:

> Yes, hence the reason for my UDF design which salts the hash with the mime
> content type of the data being hashed. Thus one fingerprint format can be
> used for a S/MIME key or an OpenPGP key or an SSH key.

See rfc-4880, 12.2 (Key IDs and fingerprints)

  Here are the fields of the hash material, with the example of a DSA
  key:

   a.1) 0x99 (1 octet)
   a.2) high-order length octet of (b)-(e) (1 octet)
   a.3) low-order length octet of (b)-(e) (1 octet)
     b) version number = 4 (1 octet);
     c) timestamp of key creation (4 octets);
     d) algorithm (1 octet): 17 = DSA (example);
     e) Algorithm-specific fields.

   Algorithm-Specific Fields for DSA keys (example):
   e.1) MPI of DSA prime p;
   e.2) MPI of DSA group order q (q is a prime divisor of p-1);
   e.3) MPI of DSA group generator g;
   e.4) MPI of DSA public-key value y (= g**x mod p where x is secret).

also the MPI format is different from X.509 and from SSH.

Thus we already "salt" the fingerprints with version numbers and a
timestamp and get different fingerprints for these 3 protocols and most
likely for all protocols even for the same key material.  For a v5 key
the fingerprint will also be different due to a.3b).


Salam-Shalom,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

[openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 vedaal
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
Re: [openpgp] New fingerprint: to v5 or not to v5 Simon Josefsson
Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel Kahn Gillmor
Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel A. Nagy
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: which hash algo (w… Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Watson Ladd
Re: [openpgp] New fingerprint: to v5 or not to v5 Phillip Hallam-Baker
Re: [openpgp] New fingerprint: which hash algo (w… Tom Ritter
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Mark D. Baushke
Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
Re: [openpgp] New fingerprint: to v5 or not to v5 ianG
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: which hash algo (w… Simon Josefsson
Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
Re: [openpgp] New fingerprint: which hash algo ianG
Re: [openpgp] New fingerprint: which hash algo vedaal
Re: [openpgp] New fingerprint: which hash algo Steve Pointer
Re: [openpgp] New fingerprint: which hash algo Alessandro Barenghi
Re: [openpgp] New fingerprint: which hash algo Robert J. Hansen
Re: [openpgp] New fingerprint: to v5 or not to v5 Daniel Kahn Gillmor
Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
Re: [openpgp] New fingerprint: to v5 or not to v5 Jonathan McDowell
Re: [openpgp] New fingerprint: to v5 or not to v5 Nicholas Cole
Re: [openpgp] New fingerprint: to v5 or not to v5 Vincent Breitmoser
Re: [openpgp] New fingerprint: which hash algo Daniel A. Nagy
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: to v5 or not to v5 Peter Gutmann
Re: [openpgp] New fingerprint: to v5 or not to v5 Watson Ladd
Re: [openpgp] New fingerprint: to v5 or not to v5 Werner Koch
Re: [openpgp] New fingerprint: which hash algo Phillip Hallam-Baker
Re: [openpgp] New fingerprint: which hash algo ianG
Re: [openpgp] New fingerprint: which hash algo Daniel Kahn Gillmor
Re: [openpgp] New fingerprint: which hash algo Phillip Hallam-Baker