trying to learn by dumping packets

Newton Hammet newton@hammet.net
Sun Dec 30 00:32:01 2001


Hello Fellow gnupg'rs,

I am attempting to learn the details of this wonderful product
and I am in the process of developing an rfc2440-based packet dump
program to parse OpenPGP messages and show packet type, length, and
other details.

What I did was public-key encrypt a small text file named "xxxxx"
with the contents "xxxxx\n". (I am on a Solaris 8 PC and I used
gpg v1.0.6 to do the encryption.)

It created an output file:

xxxxx.gpg

and my rfc2440 dump program (just barely scaffolded) produced the
following output:

amount read = 339
Filename of pgp packets message: xxxxx.gpg
Offst 0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
0000 85 01 0e 03 54 9e b3 c9 a1 b0 26 5f 10 03 ff 4e 
0010 c8 6b e2 8c dc 2b 48 21 4d 24 99 26 f8 fd e9 d3 
0020 10 cc b1 04 53 d4 72 68 24 a3 df 17 11 69 50 25 
0030 82 63 f3 4b ca d0 b5 ac f6 cf 23 2d 3f c1 bb b6 
0040 00 fe a3 c1 12 55 af 39 9e 35 13 38 de 86 40 aa 
0050 d8 bc 3b 31 9a ca 16 7c a3 77 c1 6a 71 bf 9e 32 
0060 d0 a4 44 4e a5 e1 9c e8 1f 58 af 78 95 92 ed 1f 
0070 a7 61 39 19 17 9b d8 8b 81 40 de 9d 3c e9 fd d8 
0080 03 1d c4 9e 9b 94 76 04 e9 82 9e 21 97 30 4f 04 
0090 00 a5 1a 7d d6 bc be 42 7e 1a d6 b4 81 16 75 f2 
00a0 55 bb ef a7 07 9b 74 1d 0d 7b a8 e9 ce 52 b8 cc 
00b0 4f 54 b2 a0 d4 3f bf a9 c4 9d e9 ac e5 90 60 bc 
00c0 71 87 1c fd 8d 1a 6f 1d de 1d db cb 3c e2 55 17 
00d0 99 0f 55 68 fc 6d d7 e2 0a 2e 31 a1 c3 df cd 00 
00e0 8c 43 13 91 e0 1d 71 da 84 55 21 a6 d4 45 9f 65 
00f0 81 0d 8b 5f 38 a9 5b 6b d5 91 e6 d5 6c e9 d4 82 
0100 57 60 3f e8 71 0a f4 11 83 cb 31 95 b0 21 2b c8 
0110 7a d2 40 01 c5 ab 45 9a a6 da 45 88 39 e1 ed 02 
0120 7d 12 94 5b 20 25 2a ea 41 4c 15 5c 15 84 63 31 
0130 14 1d 6d 51 20 0c 39 8e 88 e6 26 4f 54 4f 66 66 
0140 8c 03 dc 8d cf 68 49 68 50 4c 09 8b ae 6d 52 1a 
0150 1f dd f9 
The above is a "reference hex dump".  The following output is
what I produced with my rfc2440 parser, with my understanding so
far.  I found the first packet header "0x85", a 2-byte
length code with the decimal value "270".  The problem is
I don't know how to decode the next header tag, which is
'd2' at hex offset 111 in the file.  My understanding
of rfc2440 is that it should be a "new format packet
header of tag value 18" and I don't know what that is
(the tag specs only go up to 16 in rfc2440).

Below is some partial output from my rfc2440-dump program.

Offset PktHdr Fmt HdrLen BodyLen
00000   0x85  Old     3    270   ==PUBLIC-KEY-ENCRYPTED-SESSION-KEY==
   VER=3  KEY-ID=549eb3c9a1b0265f  Algorithm #=16 
next pkthdr=d2 at offset: 0111

It is probably a case where I have misunderstood something
in the rfc description (i.e. is the total packet length
273 (3 bytes header plus 270 bytes data) or 270 (the length
value standing for the total data)?).

Don't know if any gnu guru wants to wade through the above
but it sure would be appreciated.

No problems with gpg so far (I am just learning). I compiled
it successfully on my PC, and have created public keys, imported
and exported them with and without "armor", and have encrypted
(public key) and decrypted (with the corresponding private key) successfully.

So it is not really a problem with using gpg but wanting to 
understand it in greater technical detail.


Thanks and Regards,
Newton
-- 

Information, Knowledge, and Wisdom
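The packet-header walk this post is building, as an added example that is not the poster's program: it decodes both old-format and new-format headers from RFC 2440 / RFC 4880, including the one-, two- and five-octet new-format length encodings, and its tag table notes that tag 18 (Symmetrically Encrypted Integrity Protected Data) was added in RFC 4880, so a reader holding only RFC 2440 will not find it. The input is a constructed 339-byte message with the same two headers as the dump above (85 01 0e at offset 0 and d2 40 at offset 0x111) and zero-filled bodies, not the real ciphertext.

```python
import struct

# Packet tags from RFC 2440 section 4.3, plus the three tags RFC 4880 added.
TAG_NAMES = {
    1: "Public-Key Encrypted Session Key",
    8: "Compressed Data",
    9: "Symmetrically Encrypted Data",
    11: "Literal Data",
    17: "User Attribute (RFC 4880)",
    18: "Sym. Encrypted Integrity Protected Data (RFC 4880, not in RFC 2440)",
    19: "Modification Detection Code (RFC 4880)",
}

def parse_header(buf, off):
    """Decode the packet header at buf[off].
    Returns (tag, header_len, body_len, fmt); body_len is None for an
    old-format indeterminate length. Partial body lengths are rejected."""
    ctb = buf[off]
    if not ctb & 0x80:
        raise ValueError(f"offset {off:#x}: bit 7 clear, not a packet header")
    if ctb & 0x40:                        # new-format header: tag in low 6 bits
        tag, b1 = ctb & 0x3F, buf[off + 1]
        if b1 < 192:                      # one-octet length
            return tag, 2, b1, "New"
        if b1 < 224:                      # two-octet length
            return tag, 3, ((b1 - 192) << 8) + buf[off + 2] + 192, "New"
        if b1 == 255:                     # five-octet length
            return tag, 6, struct.unpack(">I", buf[off + 2:off + 6])[0], "New"
        raise ValueError(f"offset {off:#x}: partial body length not handled")
    tag, ltype = (ctb & 0x3C) >> 2, ctb & 0x03   # old-format header
    if ltype == 0:
        return tag, 2, buf[off + 1], "Old"
    if ltype == 1:
        return tag, 3, struct.unpack(">H", buf[off + 1:off + 3])[0], "Old"
    if ltype == 2:
        return tag, 5, struct.unpack(">I", buf[off + 1:off + 5])[0], "Old"
    return tag, 1, None, "Old"            # length runs to end of input

def walk_packets(buf):
    """Return [(offset, tag, fmt, header_len, body_len), ...] for every packet."""
    out, off = [], 0
    while off < len(buf):
        tag, hlen, blen, fmt = parse_header(buf, off)
        if blen is None:
            blen = len(buf) - off - hlen
        if off + hlen + blen > len(buf):
            raise ValueError(f"offset {off:#x}: body runs past end of message")
        out.append((off, tag, fmt, hlen, blen))
        off += hlen + blen               # next header follows the body, not the header
    return out

# Constructed stand-in for xxxxx.gpg: PKESK (old, 2-octet length 270) then tag 18 (new, length 64).
SAMPLE = bytes([0x85, 0x01, 0x0E, 0x03]) + b"\x00" * 269 + bytes([0xD2, 0x40, 0x01]) + b"\x00" * 63
```

Running `walk_packets(SAMPLE)` gives the second header at offset 273 (0x111), which is where the dump in the post shows the d2 byte: the 270-byte length counts the body only, so the next packet starts at 3 + 270.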