mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
reformat subpacket details to ease comprehension
This commit is contained in:
parent
6283630e6c
commit
199d0bb5e8
1 changed files with 55 additions and 15 deletions
|
@ -172,7 +172,7 @@ Note that the *Public-Key packet* contains only the public part of the key.
|
||||||
|
|
||||||
The next packet in the certificate is a [*Direct Key Signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-direct-key), which plays a crucial role in binding specific information to the primary key. This signature is contained within the file `alice.pub-1--Signature`.
|
The next packet in the certificate is a [*Direct Key Signature*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-direct-key), which plays a crucial role in binding specific information to the primary key. This signature is contained within the file `alice.pub-1--Signature`.
|
||||||
|
|
||||||
This packet binds the data within the signature subpackets with the primary key. Each entry under "Signature Packet -> Hashed area" represents one signature subpacket, providing essential information such as algorithm preferences, including *symmetric algorithm preference* and *hash algorithm preferences*.
|
This packet binds the data within the signature subpackets with the primary key. Each entry under "Signature Packet -> Hashed area" is one signature subpacket, providing essential information such as algorithm preferences, including *symmetric algorithm preference* and *hash algorithm preferences*.
|
||||||
|
|
||||||
```text
|
```text
|
||||||
Signature Packet, new CTB, 2 header bytes + 182 bytes
|
Signature Packet, new CTB, 2 header bytes + 182 bytes
|
||||||
|
@ -242,7 +242,7 @@ Signature Packet, new CTB, 2 header bytes + 182 bytes
|
||||||
000000b0 54 01 f9 5f 81 41 90 0e
|
000000b0 54 01 f9 5f 81 41 90 0e
|
||||||
```
|
```
|
||||||
|
|
||||||
Let’s examine the packet field by field:
|
Below is a field-by-field examination of the packet:
|
||||||
|
|
||||||
- `CTB: 0xc2`: This field indicates the Packet type ID for this packet. Bits 7 and 6 show that the packet is in “OpenPGP packet format.” The remaining 6 bits encode the type ID’s value, which is “2” for a Signature packet.
|
- `CTB: 0xc2`: This field indicates the Packet type ID for this packet. Bits 7 and 6 show that the packet is in “OpenPGP packet format.” The remaining 6 bits encode the type ID’s value, which is “2” for a Signature packet.
|
||||||
|
|
||||||
|
@ -254,29 +254,69 @@ The packet type ID (`0xc2`) defines the semantics of the remaining data in the p
|
||||||
|
|
||||||
- `type: 0x1f`: This indicates the [Signature Type](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-signature-types).
|
- `type: 0x1f`: This indicates the [Signature Type](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-signature-types).
|
||||||
|
|
||||||
- `pk_algo: 0x1b`: This specifies the Public-Key algorithm ID. In this case, decimal 27 corresponds to [Ed25519](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-public-key-algorithms)).
|
- `pk_algo: 0x1b`: This specifies the Public-Key algorithm ID, with decimal 27 corresponding to [Ed25519](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-public-key-algorithms)).
|
||||||
|
|
||||||
- `hash_algo: 0x0a`: This specifies the hash algorithm ID. In this case, decimal 10 corresponds to [SHA2-512](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-hash-algorithms)).
|
- `hash_algo: 0x0a`: This specifies the hash algorithm ID, with decimal 10 corresponding to [SHA2-512](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-hash-algorithms)).
|
||||||
|
|
||||||
- `hashed_area_len: 0x0000003d`: This specifies the length of the following hashed subpacket data.
|
- `hashed_area_len: 0x0000003d`: This specifies the length of the following hashed subpacket data.
|
||||||
|
|
||||||
The next part of this packet contains hashed subpacket data. A subpacket data set in an OpenPGP Signature contains a list of zero or more Signature subpackets.
|
The next segment of this packet contains the hashed subpacket data.
|
||||||
|
|
||||||
There are two sets of subpacket data in a Signature: hashed, and unhashed. The difference is that the hashed subpackets are protected by the digital signature of this packet, while the unhashed subpackets are not.
|
In OpenPGP Signatures, there are two sets of subpacket data: hashed and unhashed. Hashed subpackets are protected by the digital signature of the packet, while unhashed subpackets are not.
|
||||||
|
|
||||||
The following subpacket data consists of sets of "subpacket length, subpacket type ID, data." We'll show the information for each subpacket as one line, starting with the [subpacket type description](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-signature-subpacket-specifi) (based on the subpacket type ID). Note that bit 7 of the subpacket type ID signals if that subpacket is ["critical"](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.7-10).
|
A subpacket data set in an OpenPGP Signature contains a list of zero or more Signature subpackets.
|
||||||
|
|
||||||
|
|
||||||
|
The following subpacket data consists of sets of "subpacket length, subpacket type ID, data." Each subpacket is displayed as one line, starting with the [subpacket type description](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-signature-subpacket-specifi) (based on the subpacket type ID). Note that bit 7 of the subpacket type ID signals if that subpacket is ["critical."](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.7-10)
|
||||||
|
|
||||||
```{note}
|
```{note}
|
||||||
Critical here means: the receiver must be able to interpret the subpacket and is expected to fail, otherwise. Non-critical subpackets may be ignored by the receiver.
|
Critical here means that the receiver must interpret the subpacket and is expected to fail, otherwise. Non-critical subpackets may be ignored by the receiver.
|
||||||
```
|
```
|
||||||
|
|
||||||
- [Signature creation time](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#signature-creation-subpacket) (subpacket type 2, **critical**): `0x6516eaa6` (also see [Time Fields](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-time-fields))
|
The subpacket details are as follows:
|
||||||
- [Key expiration time](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#key-expiration-subpacket) (subpacket type 9, **critical**): `0x05a48fbd` (defined as number of seconds after the key creation time)
|
|
||||||
- [Preferred symmetric ciphers for v1 SEIPD](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#preferred-v1-seipd) (type 11): `0x09 0x07`. (These values [correspond to](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#symmetric-algos): *AES with 256-bit key* and *AES with 128-bit key*)
|
- [**Signature Creation Time**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#signature-creation-subpacket)
|
||||||
- [Preferred hash algorithms](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#preferred-hashes-subpacket) (subpacket type 21): `0x0a 0x08`. (These values [correspond to](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-hash-algorithms): *SHA2-512* and *SHA2-256*)
|
- Type: `2`
|
||||||
- [Key flags](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#key-flags) (subpacket type 27, **critical**): `0x01`. (This value [corresponds](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-key-flags) to the *certifications* key flag)
|
- Critical: `Yes`
|
||||||
- [Features](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#features-subpacket) (subpacket type 30): `0x01`. (This value [corresponds](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-features) to: *Symmetrically Encrypted Integrity Protected Data packet version 1*)
|
- Value: `0x6516eaa6`
|
||||||
- [Issuer fingerprint](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#issuer-fingerprint-subpacket) (subpacket type 33): `aaa18cbb254685c58358320563fd37b67f3300f9fb0ec457378cd29f102698b3` (this is the fingerprint of the component key that issued the signature in this packet. Not that here, the value is the primary key fingerprint of the certificate we're looking at.)
|
- Notes: See also [Time Fields](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#name-time-fields).
|
||||||
|
|
||||||
|
- [**Key Expiration Time**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#key-expiration-subpacket)
|
||||||
|
- Type: `9`
|
||||||
|
- Critical: `Yes`
|
||||||
|
- Value: `0x05a48fbd`
|
||||||
|
- Notes: Defined as number of seconds after the key creation time.
|
||||||
|
|
||||||
|
- [**Preferred Symmetric Ciphers for v1 SEIPD**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#preferred-v1-seipd)
|
||||||
|
- Type: `11`
|
||||||
|
- Critical: `No`
|
||||||
|
- Value: `0x09 0x07`
|
||||||
|
- Notes: Values correspond to *AES with 256-bit key* and *AES with 128-bit key*.
|
||||||
|
|
||||||
|
- [**Preferred Hash Algorithms**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#preferred-hashes-subpacket)
|
||||||
|
- Type: `21`
|
||||||
|
- Critical: `No`
|
||||||
|
- Value: `0x0a 0x08`
|
||||||
|
- Notes: Values correspond to *SHA2-512* and *SHA2-256*.
|
||||||
|
|
||||||
|
- [**Key Flags**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#key-flags)
|
||||||
|
- Type: `27`
|
||||||
|
- Critical: `Yes`
|
||||||
|
- Value: `0x01`
|
||||||
|
- Notes: Value corresponds to the *certifications* key flag.
|
||||||
|
|
||||||
|
- [**Features**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#features-subpacket)
|
||||||
|
- Type: `30`
|
||||||
|
- Critical: `No`
|
||||||
|
- Value: `0x01`
|
||||||
|
- Notes: Value corresponds to: *Symmetrically Encrypted Integrity Protected Data packet version 1*.
|
||||||
|
|
||||||
|
- [**Issuer Fingerprint**](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#issuer-fingerprint-subpacket)
|
||||||
|
- Type: `33`
|
||||||
|
- Critical: `No`
|
||||||
|
- Value: `aaa18cbb254685c58358320563fd37b67f3300f9fb0ec457378cd29f102698b3`
|
||||||
|
- Notes: This is the fingerprint of the component key that issued the signature in this packet. Note that here, the value is the primary key fingerprint of the certificate we're looking at.
|
||||||
|
|
||||||
|
|
||||||
The next part of this packet contains "unhashed subpacket data":
|
The next part of this packet contains "unhashed subpacket data":
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue