[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Question about verifying signatures

To: ietf-openpgp@xxxxxxx
Subject: Question about verifying signatures
From: Stephen Paul Weber <singpolyma@xxxxxxxxxxxxxx>
Date: Tue, 30 Mar 2010 15:20:49 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:date:from:to:subject :message-id:mime-version:content-type:content-disposition:jabber-id :openpgp:x-url:user-agent; bh=gArS8Avzbuso1K1Pj+2BiC+Wt7vM3dp/Z8VREVhsXQI=; b=MFIrLYXRK33CSmNU2z/+Y9Qdp9wy61/JJ4NnxVr+vNYiaDt1SY3evmcDp7r6r/mYiH LxQQ060jMxs2Jbcu1r+S9nMYQVCtpSjAr6/YYYVtmkz4J/rho3V6orWWFDJrAITqM7CU eQtLEtjm6kChmohzE5QqUMZDmEA9wsTyRAGkk=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:date:from:to:subject:message-id:mime-version:content-type :content-disposition:jabber-id:openpgp:x-url:user-agent; b=pY2LJuNsa0M/cfJm99JdF1k/fHcPcsFZBmhleS2l9OeNtZ/AHG+t9C875YkGnZF2PR /9CvntJ69Fxxyr39ldQ5wzv52FjFWCH0FOU4r5yU+MC4VdNjboRg+mjEAY462z3nBdV4 HdQUWMrPG9P6dO2OYoNq8AhQBTbDY/4rHmVXg=
Jabber-id: singpolyma@xxxxxxxxx
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Openpgp: id=CE519CDE; url=https://singpolyma.net/public.asc
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Mutt/1.5.20 (2009-06-14)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I'm reading RFC4880 in an attempt to produce an implementatdion of a subset
of OpenPGP (RSA signatures) using <http://phpseclib.sourceforge.net/>.  I
have the publickey and compression-literal-signature packets parsed out.  I
can extract n and e and feed them to Crypt_RSA to construct a verifier.  I
tell it I'm using sha256.  It then needs a "message" and a "signature"
parametre.  I get the signature data out of the signature packet no problem.
The question I have is: what is "message"?  According to section 5.2.4 it's
some combination of the literal data packet(s?) (their bodies or the whole
packet?) and the "hashed" subpackets.  Do I just concat all the data packets
and the hashed packets together in the order they appear?

Thanks.

- -- 
Stephen Paul Weber, @singpolyma
Please see <http://singpolyma.net> for how I prefer to be contacted.
edition right joseph
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQIcBAEBCAAGBQJLsl0hAAoJENEcKRHOUZzeeiEQALIrdMesbnGdz28npdEDun6U
JyZP+WpUBI0RFESTs3VNTkvvxnNOCuQrg6PDHn10b/06b3hgbpicplAWBglGJSHd
P7/0CG4ADa3yTapyEKZy9lKbjj6s5gUuz6PJVvw+Ph5XIxDfNM3EHRSoHZERaPPI
Cs7ohUE7sxLO2Q8AYxwAQelWdzhCOONDq4WFciXp+ziI9lFVKgZKxFVAOvOLwi3s
EFDpV/6qoVWC5XBJhZPbwHcOaLbBVGwSDnA+lI1JCwtdN1HGsQnnD3fvMSjGsICv
+skfheEpoQI2x8WBq928d5cbuxQaTVKY3aHFT8DyjROUv6tAwaMWObCJ5/+GEy/8
YNAx/ba/NdCBHYFFySlvVV7xvKCeT19t9LeEKys8fbIcrNj3ULP5cNro6hfTc+2d
zu4VcbWIiJ57MuGFks15ear+6O1UN5JLGTSkz1aQx4Tb+5TqliwWRsu+tSJWlUK8
LY5BFf5AZ5w5GF0aGWMMfNj3mHkMkeqL2q1LXoIW9qjikCZRLksn4umS4mf3pM5T
1tEJJ/zfdAeP/4fKrV97vi1Ez7IbOCu+JheRwANTUbdQNWg5ajFF5uf2zxHKsKUN
gRlFzVVgBK4oJyF3tx13oBKFEV8I6B6fhtGi7pkikI6R0UyAklD0jkGMJuD2i3FQ
Gl/I+wEUGcvsdTFQxK5B
=HiOM
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Question about verifying signatures
  - From: David Shaw
- Re: Question about verifying signatures
  - From: Wim Lewis

Prev by Date: Re: Better S2K functions for OpenPGP?
Next by Date: Re: Question about verifying signatures
Previous by thread: Better S2K functions for OpenPGP?
Next by thread: Re: Question about verifying signatures
Index(es):
- Date
- Thread