From 79f122114b8f446fcf1d16170876609aa637c029 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Sat, 28 Oct 2023 17:57:50 +0200 Subject: [PATCH] ch19: "zooming in" data signature examples --- book/source/19-zoom_signatures.md | 217 ++++++++++++++++++++++++++++++ 1 file changed, 217 insertions(+) diff --git a/book/source/19-zoom_signatures.md b/book/source/19-zoom_signatures.md index 7f29aef..350677b 100644 --- a/book/source/19-zoom_signatures.md +++ b/book/source/19-zoom_signatures.md @@ -3,4 +3,221 @@ SPDX-FileCopyrightText: 2023 The "Notes on OpenPGP" project SPDX-License-Identifier: CC-BY-SA-4.0 --> +(zoom_sign_data)= # Zooming in: Packet structure of data signatures + +In this chapter, we'll create signatures using [Alice's private key](alice_priv) material, and inspect the packet structure of those signatures. + +In some examples, we'll use a test-message that contains the string `hello world` followed by one line feed (`0x0a`) character: + +```text +$ echo "hello world" > message.txt +``` + +## Detached signature + +We can produce a detached signature for this "hello world" message, using Alice's private signing key material: + +```text +$ sq sign --detached --signer-file alice.pgp message.txt +-----BEGIN PGP SIGNATURE----- + +wpgGABsKAAAAKQWCZT0tDyIhBtB7JOyRoU3SQKwtU+bIqeBUlJpBIi6nOFdu0Zyu +o9yZAAAAANueIJCkVJ5aC1Zw485o7Y72uHPnk7ktkZyhKH2MuHjCdIHQU0qe/8bR +0B3ywHNzLwUoqj0efYWhj6XeXa08haxUH7i50MEDjfFrPc281B0C5fiiGN4PYc76 +B8tA2/ZjsSgHCw== +=n8EV +-----END PGP SIGNATURE----- +``` + +And inspect the packet structure of this signature: + +```text +$ sq packet dump --hex detached-sig.txt +Signature Packet, new CTB, 2 header bytes + 152 bytes + Version: 6 + Type: Binary + Pk algo: Ed25519 + Hash algo: SHA512 + Hashed area: + Signature creation time: 2023-10-28 15:40:57 UTC (critical) + Issuer Fingerprint: D07B24EC91A14DD240AC2D53E6C8A9E054949A41222EA738576ED19CAEA3DC99 + Digest prefix: 97F5 + Level: 0 (signature over data) + + 00000000 c2 CTB + 00000001 98 length + 00000002 06 version + 00000003 00 type + 00000004 1b pk_algo + 00000005 0a hash_algo + 00000006 00 00 00 29 hashed_area_len + 0000000a 05 subpacket length + 0000000b 82 subpacket tag + 0000000c 65 3d 2b 89 sig creation time + 00000010 22 subpacket length + 00000011 21 subpacket tag + 00000012 06 version + 00000013 d0 7b 24 ec 91 a1 4d d2 40 ac 2d 53 e6 issuer fp + 00000020 c8 a9 e0 54 94 9a 41 22 2e a7 38 57 6e d1 9c ae + 00000030 a3 dc 99 + 00000033 00 00 00 00 unhashed_area_len + 00000037 97 digest_prefix1 + 00000038 f5 digest_prefix2 + 00000039 20 salt_len + 0000003a b4 c6 ed 8e 3f 08 salt + 00000040 90 69 36 82 19 7d e9 df 74 18 af 92 d1 ee a3 08 + 00000050 0a 18 87 de 56 f1 01 a3 00 89 + 0000005a ef 83 32 b9 40 84 ed25519_sig + 00000060 10 21 33 f4 7a e9 05 0d 5c 16 10 75 27 95 0a 32 + 00000070 49 e0 98 2d 0e 74 b0 f1 17 d4 3e 69 95 a7 6f b9 + 00000080 76 bc 22 3d ee 9c 46 e8 d5 41 12 6c c8 f5 c6 37 + 00000090 06 14 f5 3b a7 cd a7 ea 96 0b +``` + +## Inline signature + +```text +$ sq sign --signer-file alice.pgp message.txt +-----BEGIN PGP MESSAGE----- + +xA0DAAob0Hsk7JGhTdIByxJiAAAAAABoZWxsbyB3b3JsZArCmAYAGwoAAAApBYJl +PS6aIiEG0Hsk7JGhTdJArC1T5sip4FSUmkEiLqc4V27RnK6j3JkAAAAA2fQg3Chc +XOvRADo3I2sUdXevtp29q//4cFpY89jZSmZccCmC0rzU2cuCZTPer8IugpmpbcAT +VePYVzWPYUH/XcGJBuGNJVbKSGP2sgNqUb33XhtusK+TRiu4qxgwgOXVywwF +=AZt5 +-----END PGP MESSAGE----- +``` + +```text +$ sq sign --signer-file alice.pgp message.txt |sq packet dump --hex +One-Pass Signature Packet, new CTB, 2 header bytes + 13 bytes + Version: 3 + Type: Binary + Pk algo: Ed25519 + Hash algo: SHA512 + Issuer: D07B24EC91A14DD2 + Last: true + + 00000000 c4 CTB + 00000001 0d length + 00000002 03 version + 00000003 00 type + 00000004 0a hash_algo + 00000005 1b pk_algo + 00000006 d0 7b 24 ec 91 a1 4d d2 issuer + 0000000e 01 last + +Literal Data Packet, new CTB, 2 header bytes + 18 bytes + Format: Binary data + Content: "hello world\n" + + 00000000 cb CTB + 00000001 12 length + 00000002 62 format + 00000003 00 filename_len + 00000004 00 00 00 00 date + 00000008 68 65 6c 6c 6f 20 77 6f hello wo + 00000010 72 6c 64 0a rld. + +Signature Packet, new CTB, 2 header bytes + 152 bytes + Version: 6 + Type: Binary + Pk algo: Ed25519 + Hash algo: SHA512 + Hashed area: + Signature creation time: 2023-10-28 15:54:09 UTC (critical) + Issuer Fingerprint: D07B24EC91A14DD240AC2D53E6C8A9E054949A41222EA738576ED19CAEA3DC99 + Digest prefix: 89FF + Level: 0 (signature over data) + + 00000000 c2 CTB + 00000001 98 length + 00000002 06 version + 00000003 00 type + 00000004 1b pk_algo + 00000005 0a hash_algo + 00000006 00 00 00 29 hashed_area_len + 0000000a 05 subpacket length + 0000000b 82 subpacket tag + 0000000c 65 3d 2e a1 sig creation time + 00000010 22 subpacket length + 00000011 21 subpacket tag + 00000012 06 version + 00000013 d0 7b 24 ec 91 a1 4d d2 40 ac 2d 53 e6 issuer fp + 00000020 c8 a9 e0 54 94 9a 41 22 2e a7 38 57 6e d1 9c ae + 00000030 a3 dc 99 + 00000033 00 00 00 00 unhashed_area_len + 00000037 89 digest_prefix1 + 00000038 ff digest_prefix2 + 00000039 20 salt_len + 0000003a f9 e8 86 74 33 55 salt + 00000040 b1 23 dc 05 b2 0a 48 ff 68 83 4d 69 94 da b3 67 + 00000050 d2 4e 46 5d f1 0e 44 4b d9 29 + 0000005a 47 42 69 50 a2 85 ed25519_sig + 00000060 b3 e4 35 38 72 f0 d6 68 2b 59 21 d9 1c 1a 6a 7a + 00000070 92 74 6e 06 63 2b ad 23 85 97 ae 25 39 06 88 dc + 00000080 8e d6 6b 6d a9 c1 16 08 e6 c4 d9 9c 6a a6 5d 50 + 00000090 74 aa c3 95 c4 9a b0 03 ee 03 +``` + +## Cleartext signature + +```text +$ sq sign --cleartext-signature --signer-file alice.pgp message.txt +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +hello world +-----BEGIN PGP SIGNATURE----- + +wpgGARsKAAAAKQWCZT0vBCIhBtB7JOyRoU3SQKwtU+bIqeBUlJpBIi6nOFdu0Zyu +o9yZAAAAANqgIHAzoRTzu/7Zuxc8Izf4r3/qSCmBfDqWzTXqmVtsSBSHACka3qbN +eehqu8H6S0UK8V7yHbpVhExu9Hu72jWEzU/B0h9MR5gDhJPoWurx8YfyXBDsRS4y +r13/eqMN8kfCDw== +=Ks9w +-----END PGP SIGNATURE----- +``` + +```text +$ sq sign --cleartext-signature --signer-file alice.pgp message.txt |sq packet dump --hex +Signature Packet, new CTB, 2 header bytes + 152 bytes + Version: 6 + Type: Text + Pk algo: Ed25519 + Hash algo: SHA512 + Hashed area: + Signature creation time: 2023-10-28 15:56:30 UTC (critical) + Issuer Fingerprint: D07B24EC91A14DD240AC2D53E6C8A9E054949A41222EA738576ED19CAEA3DC99 + Digest prefix: 53D2 + Level: 0 (signature over data) + + 00000000 c2 CTB + 00000001 98 length + 00000002 06 version + 00000003 01 type + 00000004 1b pk_algo + 00000005 0a hash_algo + 00000006 00 00 00 29 hashed_area_len + 0000000a 05 subpacket length + 0000000b 82 subpacket tag + 0000000c 65 3d 2f 2e sig creation time + 00000010 22 subpacket length + 00000011 21 subpacket tag + 00000012 06 version + 00000013 d0 7b 24 ec 91 a1 4d d2 40 ac 2d 53 e6 issuer fp + 00000020 c8 a9 e0 54 94 9a 41 22 2e a7 38 57 6e d1 9c ae + 00000030 a3 dc 99 + 00000033 00 00 00 00 unhashed_area_len + 00000037 53 digest_prefix1 + 00000038 d2 digest_prefix2 + 00000039 20 salt_len + 0000003a 9d e4 5e 3f 37 33 salt + 00000040 d8 9c 70 d8 b5 e2 30 48 6c b8 2e 75 9d 7c 10 3b + 00000050 42 a2 6d f4 db 96 47 d3 57 42 + 0000005a 58 99 2f 2c a2 35 ed25519_sig + 00000060 b7 3f 63 8a 7f f1 d0 b7 5b 38 cd 92 bb e9 b5 59 + 00000070 9b 45 e1 0b fd d9 e7 96 4d e4 e9 5f 22 29 91 6d + 00000080 85 a3 94 90 11 9d 3a 3d 32 74 a7 32 ca 73 4b 45 + 00000090 4f 19 a5 49 3d d8 83 0e 1b 09 +```