keygrip format
Werner Koch
wk at gnupg.org
Thu Dec 7 22:40:19 CET 2017
On Thu, 7 Dec 2017 21:40, dkg at fifthhorseman.net said:
> Can you guarantee that the keygrip will remain stable?
Yes, that is part of the Libcrypt ABI and will thus not change. Sorry,
I should have put this into a separate paragraph.
> Right? Using the mechanism defined in PKCS-15, what prevents an RSA key
> from having the same keygrip as an ECC key?
The Libgcrypt keygrip is in general different from the PCKS-15 keygrip.
With the exception of RSA the Libgcrypt keygrip always includes an
identifier for the algorithm. I tried to keep the RSA keygrip similar
to the PCKS-15 defined one but:
/* Compute a keygrip. [...]
PKCS-15 says that for RSA only the modulus should be hashed -
however, it is not clear whether this is meant to use the raw bytes
(assuming this is an unsigned integer) or whether the DER required
0 should be prefixed. We hash the raw bytes. */
For ECC we hash an s-expression with all curve parameters in a well
defined order. For other algorithms we use the standard Libgcrypt
s-expression using the parameters in the order given by Libgcrypt's
implementation.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20171207/5eb440b1/attachment.sig>
More information about the Gnupg-devel
mailing list