Signature Packet Format

Brian M. Carlson
Fri Jul 20 19:48:02 2001

Hash: RIPEMD160

Justin Wienckowski wrote:

> Hey folks,
> I'm writing a little application to generate an OpenPGP message with
a user's RSA public/private key for import into gpg. I noticed that GPG won't import the key without a valid self-signature.
> However, the RFC sections regarding the signature packet format are
a little unclear to me.
> My understanding of Version 4 signatures of RSA keys is as follows -
any clarifications/corrections are appreciated.
> 1) Hash the key packet you are protecting.
> 2) Hash the User ID packet
> 3) Hash the Signature packet through the hashed subpacket data, but
no further
> 4) Hash the 6-byte trailer
> 5) Insert the 160-bit hash value into an ASN.1 DigestInfo structure
> what?
> The spec indicates that the "signature" portion of the packet for
the RSA algorithm is an MPI of m**d (which I assume is the modulus raised to the private exponent). But there's no indication of where the m**d value and the ASN.1 DigestInfo structure meet in order to form a secure signature.
> I *know* I"m missing something because this just doesn't make sense
as a cryptographically secure signature. Anyone able to clarify for me? I think, somebody correct me if I'm wrong, that the ASN.1 structure is m and well, I'm sure you know what d and n are. I suggest you use RFC2440-bis02 to implement this, as this is likely to become the new standard and it contains the new MDC packets. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (MingW32) - GnuPGshell v1.80 Comment: Ubi libertas, ibi patria. iQEVAwUBO1htrOWR/8lWBVPnAQPb3ggArCksMIzEcP/3WaiuVebZYOELMtKQfFb3 3gqu9XyU0S58tkCQAyzEf5bEhLBTBR12UosRxAKYmH8yA3Q6TpC3BiLH1xvf/jki UuMKB7YzXRchZky1XNd7KXu6Or+7ihqCm9wQvfLsDC7QukgcffJQXzGPmvnTUAHB 1Z2YUq3v0CZ1jbycxRbMKYBfI99+t4joOpr9JCn85zNoaxPaXOB93GdXKe/x0BCR kVKO23mnUE54AxUjhmi2Bwgjv5uu1zTCF8afntNwZpWiCyW2PISQvt0ca9lRzwx8 nRZz2sFyak6Hxr0JzjY9fvslc2slFkm1x8+iJeMgsbNQtuVNO2bjgw== =F/QY -----END PGP SIGNATURE-----