Signature Packet Format

Justin Wienckowski Justin.Wienckowski@trw.com
Fri Jul 20 16:51:01 2001


Hey folks,

I'm writing a little application to generate an OpenPGP message with a =
user's RSA public/private key for import into gpg.  I noticed that GPG =
won't import the key without a valid self-signature.

However, the RFC sections regarding the signature packet format are a =
little unclear to me.

My understanding of Version 4 signatures of RSA keys is as follows - any =
clarifications/corrections are appreciated.

1)  Hash the key packet you are protecting.
2)  Hash the User ID packet
3)  Hash the Signature packet through the hashed subpacket data, but no =
further
4)  Hash the 6-byte trailer
5)  Insert the 160-bit hash value into an ASN.1 DigestInfo structure

....now what?

The spec indicates that the "signature" portion of the packet for the RSA =
algorithm is an MPI of m**d (which I assume is the modulus raised to the =
private exponent).  But there's no indication of where the m**d value and =
the ASN.1 DigestInfo structure meet in order to form a secure signature.

I *know* I"m missing something because this just doesn't make sense as a =
cryptographically secure signature.  Anyone able to clarify for me?

Thanks!
-Justin