Discrepancies in extracted photo-id images from dumps

Peter Lebbing peter at digitalbrains.com
Mon Jan 21 14:21:53 CET 2019


Hello Stefan,

On 21/01/2019 12:46, Stefan Claas wrote:
> To compute the hash of an image one has to add a 22bytes header
> to the image and then the hash will be properly computed.

Since I didn't exactly follow the "22 bytes" part I looked at it one
more time; I got curious. It turned out I accidentally cut off part of
the inner header when I intended to strip the outer header, silly me. I
went too quickly.  What works for me is:

- Take the User Attribute Packet
- Strip off the header: 1 byte tag, and in my case, 2 bytes length
  (lengths are encoded on 1, 2 or 5 bytes)
- Hash what's left

So:

$ gpg --export KEYID | gpgsplit

Take a file named *.attribute

Is the file smaller than 194 bytes? Wow, small attribute. Drop the first
two bytes.

Is the file between 194 and 8386 bytes inclusive? Drop the first three.

If it's larger than 8386 bytes, drop the first six bytes.

And hash the rest of the file.

$ dd if=002839-017.attribute bs=1 skip=3 status=none|gpg --print-md RIPEMD160

For a real implementation, it's better to inspect the length field
rather than reverse-compute its own length based on the file size.

The 22 bytes added goes in reverse: 2 octets encoded length apparently,
appropriate for the usual JPEG file smaller than a bit over 8 KiB, and
then 01 10 00 01 01 00 00 00 00 00 00 00 00 00 00 00 00 for the header
bits before the JPEG file.

> To get the proper base32 value i had to use Werner's zb32.

Python:

--8<---------------cut here---------------start------------->8---
b32s = "ybndrfg8ejkmcpqxot1uwisza345h769"
def b32enc(i):
    s = ""
    while i:
        s = b32s[i & 0x1f] + s
        i >>= 5
    return s

def b32dec(s):
    out = 0
    for c in s:
        out = (out << 5) + b32s.index(c)
    return out
--8<---------------cut here---------------end--------------->8---

If the encoded string is shorter than expected, prepend y's :-). It's
the simplest code that sort-of works. There might be more issues, it's
really bare-bones.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190121/4b8f0ce1/attachment.sig>


More information about the Gnupg-users mailing list