sig binary format

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Apr 5 19:29:40 CEST 2011


On 04/05/2011 12:03 PM, Jean-Jacques Brucker wrote:
> 
> Hi, I have a question concerning the first octet of *.sig file (created with --detach-sign option). 
> 
> I have see almost data match section 5.2.3. of the RFC4880, but i am asking me why is the first octet of a *.sig file (packet tag) 0x88 ?
> According to section 4.3 of RFC4880 0x88 means "Compressed Data Packet", I was instead expecting 0x82 for "Signature Packet" !?


The first octet (byte) of a packet contains the "packet tag", and
determines how large the rest of the packet header is:

 https://tools.ietf.org/html/rfc4880#section-4.2

 0x88 is (in binary): 10001000b

aligned with bit location index:

    76543210  <- bit index
    10001000  <- bit value

so bit 7 is 1: that's good.
bit 6 is 0: this is an old-format packet.

since it's old-format:

bits 5 through 2 are the packet tag: 0010b -- or 2 in decimal.  (see
https://tools.ietf.org/html/rfc4880#section-4.3)

and bits 1 and 0 indicate how the old-format packet stores its length.
in your case, that's 00b -- or 0 in decimal, indicating that there is a
simple one-octet packet length that immediately follows this first octet
that contains the length of the rest of the packet.

make sense?  How did you compute 0x82?

If you're doing this sort of packet dissection, you might be interested
in "gpg --list-packets" or in the tool "pgpdump", which provides a
similar implementation.

hth,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1030 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110405/9fce2416/attachment.pgp>


More information about the Gnupg-devel mailing list