Series of minor questions about OpenPGP 1

Peter Thomas p4.thomas at googlemail.com
Mon Jan 26 17:22:11 CET 2009


Hi David.

On Mon, Jan 26, 2009 at 3:52 PM, David Shaw <dshaw at jabberwocky.com> wrote:
>> I'm currently reading RFC4880 and I think I have many minor questions... is the gnupg-users list the right place to ask? Or is there any better place?
> Look for the ietf-openpgp mailing list at http://www.ietf.org/html.charters/openpgp-charter.html
I'll have a look at this, but as at least some of my questions seem to
be gnupg specific I'll continue to ask some stuff here.

>> 1) In chapter 3.7.2.1 on page 13 it says that the octet can have values "255 or 254". Is there any difference between the two?
> Yes, see section 5.5.3 for the exact details, but in general 254 indicates that there is a SHA-1 hash of the secret data included.  This is to prevent a secret key tampering attack.
Ah, thanks. So it should be 254 for better security of the private key, right?


>> What's the reason for this? I mean the RFC recommends to use the new packet format. Can I change that default behaviour? And if I have a key, that's already used and signed by others, could I convert it to using the new format?
> You could convert it, but there is little point.
Uhm, I just wanted to follow the recommendation of the RFC ;-)

> The function of a packet is the same no matter what.
So all other signatures would still be valid?

But there is probably no function in gnupg to do this conversion, is there?

Cheers,
Peter
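
Added example, not part of the original message and not GnuPG code: a small Python reader that walks the packets of a binary secret-key export and reports, for each secret key or subkey packet, whether it uses the old or new packet header format and what its string-to-key usage octet is (254 = SHA-1 hash of the secret data, 255 = two-octet checksum), following RFC 4880 sections 4.2 and 5.5.3. The function names are hypothetical, only version 4 RSA, Elgamal and DSA keys are handled, and the sample packets are constructed for illustration, not real key material.

```python
PUBLIC_MPIS = {1: 2, 2: 2, 3: 2, 16: 3, 17: 4}  # public MPIs: RSA, Elgamal, DSA
SECRET_TAGS = {5: "secret key", 7: "secret subkey"}

def read_packets(data):
    """Yield (tag, header format, body) for each packet of a binary export."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        pos += 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                        # new format: tag in bits 5-0
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, size = first, 1
            elif first < 224:
                length, size = ((first - 192) << 8) + data[pos + 1] + 192, 2
            elif first == 255:
                length, size = int.from_bytes(data[pos + 1:pos + 5], "big"), 5
            else:
                raise ValueError("partial body lengths not handled")
        else:                                 # old format: tag in bits 5-2
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if size == 8:
                raise ValueError("indeterminate length not handled")
            length = int.from_bytes(data[pos:pos + size], "big")
        pos += size + length
        if pos > len(data):
            raise ValueError("truncated packet")
        yield tag, "new" if hdr & 0x40 else "old", data[pos - length:pos]

def s2k_usage(body):
    """Return the S2K usage octet of a version 4 secret key packet body."""
    if body[0] != 4 or body[5] not in PUBLIC_MPIS:
        raise ValueError("only v4 RSA/Elgamal/DSA keys handled")
    pos = 6                                   # version, creation time, algorithm
    for _ in range(PUBLIC_MPIS[body[5]]):     # skip the public-key MPIs
        bits = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2 + (bits + 7) // 8
    return body[pos]

def audit(data):
    """List (kind, header format, usage octet) for every secret key packet."""
    return [(SECRET_TAGS[tag], fmt, s2k_usage(body))
            for tag, fmt, body in read_packets(data) if tag in SECRET_TAGS]

def toy_packet(usage, new_format):  # constructed sample, not a real key
    body = bytes([4, 0, 0, 0, 0, 1]) + b"\x00\x08\xc1\x00\x05\x11"
    body += bytes([usage]) + bytes(20)
    return bytes([0xC5 if new_format else 0x94, len(body)]) + body
```

Calling `audit()` on the two toy packets concatenated gives one entry per packet with the same tag under both header formats, which is the sense in which the header format does not change what a packet is.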


