GPG Signature Verification

Peter Lebbing peter at
Mon Apr 24 19:23:29 CEST 2017

On 20/04/17 21:17, Paul Taukatch wrote:
> Does anyone know exactly what this verify data is comprised of?

"data" seems to be correct: it is an EMSA-PKCS1-v1_5 encoded RSA SHA-256
signature. As RFC 3447 states:

EM = 0x00 || 0x01 || PS || 0x00 || T.

PS is a string of binary 1's to fill up the remaining space in the RSA
message, and T is a constant DER-encoding of SHA-256 followed by the
actual signature. The constant portion is in both RFC 3447 and RFC 4880:

 The full hash prefixes for these are as follows:


       SHA256:     0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86,
                   0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
                   0x00, 0x04, 0x20

The part of "cmp" that would correspond to the constant part of the DER
encoding I do not recognise. My guess is that you did not instruct the
library you're using to generate the signature to create an
EMSA-PKCS1-v1_5 encoding, and that's why it is generating an RSA message
that differs in construction.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20170424/38703483/attachment.sig>

More information about the Gnupg-users mailing list