Alphax alphasigmax at gmail.com
Fri Sep 22 02:44:50 CEST 2006

Robert J. Hansen wrote:
> I don't know off the top of my head whether DSA supports firewalled hash
> functions or not.  I believe that the last time I checked the spec, I
> came to the conclusion it did not.
> RSA signing keys, on the other hand, do support firewalling.

Interesting. I'm looking at the "official" (November 1998) RFC 2440 and
it's not immediately obvious that this is the case; although both the
Version 3 and Version 4 signature packet formats say that the hash
algorithm is part of the body of the packet, it says of RSA signatures:

>    With RSA signatures, the hash value is encoded as described in PKCS-1
>    section 10.1.2, "Data encoding", producing an ASN.1 value of type
>    DigestInfo, and then padded using PKCS-1 block type 01 [RFC2313].
>    This requires inserting the hash value as an octet string into an
>    ASN.1 structure. The object identifier for the type of hash being
>    used is included in the structure.  The hexadecimal representations
>    for the currently defined hash algorithms are:

Note that it's also not immediately obvious what the format of the
signature packet used in a clearsigned message is... I haven't looked at
the "working draft" of the RFC but hopefully it's a lot clearer than the
published version.

        Death to all fanatics!
  Down with categorical imperative!
OpenPGP key: http://tinyurl.com/lvq4g
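
Added example, not part of the original post and not GnuPG's code: a Python sketch of the encoding the quoted RFC 2440 passage describes, showing how the hash OID inside DigestInfo ties an RSA signature to one hash algorithm. The RSA operation itself is left out; the function names, the 128-byte modulus length and the sample message are assumptions, and the SHA-256 prefix comes from the later RFC 4880 / PKCS #1 v2.1 tables rather than RFC 2440.

```python
import hashlib
import hmac

# DER prefix of DigestInfo: AlgorithmIdentifier carrying the hash OID, followed
# by the OCTET STRING header for the digest. SHA-1 is listed in RFC 2440; the
# SHA-256 value is taken from RFC 4880 / PKCS #1 v2.1 (not in the 1998 RFC).
DIGESTINFO_PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def encode_block(message: bytes, hash_name: str, k: int) -> bytes:
    """Build the k-byte PKCS-1 block type 01 value that the RSA key signs."""
    digest = hashlib.new(hash_name, message).digest()
    t = DIGESTINFO_PREFIX[hash_name] + digest
    pad_len = k - len(t) - 3
    if pad_len < 8:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + t

def hash_in_block(em: bytes) -> str:
    """Strictly parse a recovered block; return the hash its DigestInfo names."""
    if len(em) < 11 or em[:2] != b"\x00\x01":
        raise ValueError("not block type 01")
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("bad padding")
    t = em[sep + 1:]
    for name, prefix in DIGESTINFO_PREFIX.items():
        size = hashlib.new(name).digest_size
        if t.startswith(prefix) and len(t) == len(prefix) + size:
            return name
    raise ValueError("unknown or malformed DigestInfo")

def verify_block(em: bytes, message: bytes, claimed_hash: str, k: int) -> bool:
    """Accept only if em equals the block rebuilt for the claimed hash."""
    return hmac.compare_digest(em, encode_block(message, claimed_hash, k))

if __name__ == "__main__":
    k = 128                      # constructed: byte length of a 1024-bit modulus
    msg = b"constructed sample message"
    em = encode_block(msg, "sha1", k)
    print(hash_in_block(em))                   # hash named inside the block
    print(verify_block(em, msg, "sha1", k))    # packet's hash field agrees
    print(verify_block(em, msg, "sha256", k))  # packet claims another hash
```

Because the OID is inside the value the RSA key signs, changing the hash algorithm field in the signature packet alone makes the rebuilt block differ from the recovered one.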
