Signature Packet Format
Fri Jul 20 16:51:01 2001
I'm writing a little application to generate an OpenPGP message with a =
user's RSA public/private key for import into gpg. I noticed that GPG =
won't import the key without a valid self-signature.
However, the RFC sections regarding the signature packet format are a =
little unclear to me.
My understanding of Version 4 signatures of RSA keys is as follows - any =
clarifications/corrections are appreciated.
1) Hash the key packet you are protecting.
2) Hash the User ID packet
3) Hash the Signature packet through the hashed subpacket data, but no =
4) Hash the 6-byte trailer
5) Insert the 160-bit hash value into an ASN.1 DigestInfo structure
The spec indicates that the "signature" portion of the packet for the RSA =
algorithm is an MPI of m**d (which I assume is the modulus raised to the =
private exponent). But there's no indication of where the m**d value and =
the ASN.1 DigestInfo structure meet in order to form a secure signature.
I *know* I"m missing something because this just doesn't make sense as a =
cryptographically secure signature. Anyone able to clarify for me?