Questions about LibrePGP specification

Werner Koch wk at gnupg.org
Thu Jun 20 19:08:21 CEST 2024 

Hi!

> 1. Section "5.2.4. Computing Signatures"
>     1. Comment: This section makes statements about v6 signatures, but
>        the hashed data for v6 signatures is not given. It seems it
>        hardly makes sense to describe v6 signatures in such an

The whole thing about support for v6 signatures has been done due to my
try to support some v6 signatures in GnuPG.  While doing this I realized
that the the crypto-refresh at some point dropped the hashing of the
meta data.  This makes support for v6 signatures questionable because it
is not explainable why a newer signatures format drops a long awaited
fix for signatures.  In case this bug does not get fixed in the
crypto-refresh draft it ill be better to remove all mentioning of v6
signatures.

One good thing with v6 signatures is that the hash area can be larger
than in v4 or v5.  In particular with some PQC algorithms this could be
helpful.

>     2. Comment: In the same section it says "when a V5 or V6 signature
>        is made over a key, the hash data starts with the octet 0x9a for
>        V5 and 0x9b for V6,". This is wrong since for v6 signatures, the
>        hashed data start with the salt.

Right, however the idea was to require a salt length of zero.  This is
not reflected in the draft because of the above mentioned problem. 

> 2. Section "12.1. Key Structures"
>     1. Question: This section makes User ID Packet optional for v4
>        keys. Is that a mistake? Is it possibly meant that this
>        requirement is removed for certificates with a v5 primary key?

Right, this seems to contradict section 11.1

   11.1.  Transferable Public Keys
   LibrePGP users may transfer public keys.  The essential elements of a
   transferable public key are as follows:
   *  One Public-Key packet
   *  Zero or more revocation signatures
   *  One or more User ID packets

which requires at least one user id packet.  IIRC this differences stems
from Derek Atkin's requirement to allow for tiny keyblocks.  But he had
no need to transfer them.  With the syntax used in 12.1 it was not
possible to tag a SHOULD to the number of user ID.  I'll add some
wording or will ask Derek whether he still requires the specification
compliant tiny keys.

>     2. related Question: This section says nothing about the structure
>        of v5 keys. Wouldn't that be necessary? What is the requirement
>        of v5 certificates specifically regarding User ID Packets?

The structure of v5 keys is described elsewhere.  Compared to a v4 key a
v5 key has just an additional length field and triggers the use of a
SHA256 fingerprint.


Shalom-Salam,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20240620/e7a4253c/attachment.sig>

More information about the LibrePGP-discuss mailing list