Re: [openpgp] Question on computing v5 signatures
Werner Koch <wk@gnupg.org> Thu, 02 May 2019 17:15 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 93969120489 for <openpgp@ietfa.amsl.com>; Thu, 2 May 2019 10:15:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.001
X-Spam-Level:
X-Spam-Status: No, score=-7.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=gnupg.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I2IOlhoEE9Bl for <openpgp@ietfa.amsl.com>; Thu, 2 May 2019 10:15:11 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41645120124 for <openpgp@ietf.org>; Thu, 2 May 2019 10:15:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnupg.org; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=+j67aR5jngB7t2XBpAPP2XRSaby17xhp/LCTZDIIg0I=; b=cET+gylG7hVE26R7nbTImA0J92 oR9O3qd9I2IuYZMlRTx8STX3PGaK4dpk2Pmurdy/X5/8hi+wlYSXFjsRfqGXrehdOoUVdwa76onnV D9dJhvXTs146EzsZxSLCUCWrF5ow1kusN83UfBf1hcT0t9CHyrm66BCg96PB/aYMQ8sY=;
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.89 #1 (Debian)) id 1hMFIa-0008Mg-PG for <openpgp@ietf.org>; Thu, 02 May 2019 19:15:08 +0200
Received: from wk by wheatstone.g10code.de with local (Exim 4.84 #3 (Debian)) id 1hMFHa-0007uJ-6F; Thu, 02 May 2019 19:14:06 +0200
From: Werner Koch <wk@gnupg.org>
To: Heiko Stamer <HeikoStamer@gmx.net>
Cc: OpenPGP WG <openpgp@ietf.org>
References: <cdf3ec1d-25b5-0244-459d-11774c22b161@gmx.net>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Heiko Stamer <HeikoStamer@gmx.net>, OpenPGP WG <openpgp@ietf.org>
Date: Thu, 02 May 2019 19:13:51 +0200
In-Reply-To: <cdf3ec1d-25b5-0244-459d-11774c22b161@gmx.net> (Heiko Stamer's message of "Wed, 1 May 2019 21:29:09 +0200")
Message-ID: <87r29g6apc.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=World_Health_Organization_DOE_AOL_TOS_LEETAC_BROMURE_Euskadi_ta=Aska"; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/eht-3g12uZv8njJg9e27oGcfQKo>
Subject: Re: [openpgp] Question on computing v5 signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 May 2019 17:15:13 -0000
Hello! On Wed, 1 May 2019 21:29, HeikoStamer@gmx.net said: > I am wondering why a number of eight-octet size is used here. The > biggest field, AFAIS i.e. the hashed subpacket data area, is limited > by the included two-octet hashed subpacket length. So why 64 bit? That seems to be a misunderstanding. The original patch from Brian (9b846b7e from 2017-02-13) had this text: V5 signatures instead hash in a ten-octet trailer: the version of the Signature packet, i.e., 0x05; 0xFF; and an eight-octet, big-endian number that is the length of the hashed data from the Signature packet (note that this number does not include these final ten octets). He might have extended the counter to eight octets to better distinguish a V5 signature form a V4 signature. Reading this I falsely concluded that the 32 bit counter of a V4 signature might overflow and thus added The four-octet big-endian number is considered to be an unsigned integer modulo 2^32. to the V4 signature desciption. Obviously we both missed that a 32 bit counter is sufficient for a a max of 2*2^16+something octets. Shalom-Salam, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
- [openpgp] Question on computing v5 signatures Heiko Stamer
- Re: [openpgp] Question on computing v5 signatures Neal H. Walfield
- Re: [openpgp] Question on computing v5 signatures Heiko Stamer
- Re: [openpgp] Question on computing v5 signatures Werner Koch
- Re: [openpgp] Question on computing v5 signatures brian m. carlson