mirror of
https://codeberg.org/openpgp/notes.git
synced 2024-11-27 01:52:06 +01:00
ch4: adjust to use alice's v6 key; minor edits
This commit is contained in:
parent
f080803555
commit
854bda18ad
2 changed files with 361 additions and 349 deletions
|
@ -14,10 +14,10 @@ First, without additional context, the word "key" can refer either to public, or
|
|||
Independent of the distinction between private and public keys, in OpenPGP, the term "key" is used to refer to three different layers, all related but distinct:
|
||||
|
||||
1. A (bare) "cryptographic key" (without additional metadata). Those might be the private and/or public parameters that form a key, e.g., in case of an RSA private key, the exponent `d` along with the prime numbers `p` and `q`.
|
||||
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consist of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
||||
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys plus additional elements, such as identity information. (e.g. OpenPGP "key servers" serve this type of object).
|
||||
2. An OpenPGP *component key*: Either an "OpenPGP primary key", or an "OpenPGP subkey". A component key is one building block of an OpenPGP certificate. It consists of a (bare) cryptographic keypair combined some invariant metadata (e.g. key creation time).
|
||||
3. An "OpenPGP certificate" (or "OpenPGP key"): Consists of a number of component keys plus additional elements, such as identity information. (e.g., OpenPGP "key servers" serve this type of object).
|
||||
|
||||
In the following section, we'll look at two OpenPGP-specific layers (2 and 3).
|
||||
In the following section, we'll look at the two OpenPGP-specific layers (2 and 3).
|
||||
|
||||
|
||||
## Structure of OpenPGP certificates
|
||||
|
@ -66,22 +66,28 @@ For each OpenPGP component key, an *OpenPGP fingerprint* can be derived from the
|
|||
Each OpenPGP component key has a fingerprint
|
||||
```
|
||||
|
||||
The fingerprint of our example component OpenPGP key is `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239` [^keyid].
|
||||
The fingerprint of our example component OpenPGP key is `AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3` [^keyid].
|
||||
|
||||
[^keyid]: Sometimes, a shortened (64 bit) version of the fingerprint is used instead of the full fingerprint, like this: `C8B8 6AC4 2455 4239` (the rightmost 64 bit of the fingerprint). This type of identifier is called a "Key ID". Historically, 32 bit shorthand identifiers have been used with PGP, like this: `2455 4239`. You may still see such identifiers in very old documents about PGP, but 32 bit identifiers have [been unfit for purpose for a long time](https://evil32.com/). At some point, 32 bit identifiers were called "short Key ID", while 64 bit identifiers were called "long Key ID".
|
||||
[^keyid]: In OpenPGP version 4, the rightmost 64 bit were sometimes used as a shorter identifier, called "Key ID".
|
||||
E.g., an OpenPGP version 4 certificate with the fingerprint `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239` might be referred to by the 64 bit Key ID `C8B8 6AC4 2455 4239` or styled as `0xC8B86AC424554239`.
|
||||
Historically, even shorter 32 bit identifiers have sometimes been used, like this: `2455 4239`, or `0x24554239`. You may still see such identifiers in very old documents about PGP. However, 32 bit identifiers have [been unfit for purpose for a long time](https://evil32.com/). At some point, 32 bit identifiers were called "short Key ID", while 64 bit identifiers were called "long Key ID".
|
||||
|
||||
#### Primary key
|
||||
|
||||
The "OpenPGP primary key" has the same structure as all other component keys. But it serves a central role:
|
||||
|
||||
- Its fingerprint is used as the unique identifier for the full OpenPGP certificate.
|
||||
- In addition, it is used for lifecycle operations (e.g. adding or invalidating subkeys or identities in a certificate)
|
||||
- In addition, it is used for lifecycle operations, such as adding or invalidating subkeys or identities in a certificate.
|
||||
|
||||
(The OpenPGP primary key has historically also sometimes informally been referred to as "master key".)
|
||||
```{admonition} Terminology
|
||||
:class: note
|
||||
|
||||
In the RFC, the OpenPGP primary key is also sometimes referred to as "top-level key." Historically, it has sometimes informally been called "master key."
|
||||
```
|
||||
|
||||
#### Subkeys
|
||||
|
||||
In addition to the primary key, modern OpenPGP certificates can contain "subkeys" in addition to the primary key.
|
||||
In addition to the primary key, modern OpenPGP certificates usually contain "subkeys" in addition to the primary key.
|
||||
|
||||
Subkeys have the same structure as the primary key, but play a subtly different role in the certificate. Subkeys are cryptographically linked with the primary key (more on this below).
|
||||
|
||||
|
@ -178,7 +184,7 @@ This additional "Primary Key Binding Signature" is informally called a "back sig
|
|||
|
||||
OpenPGP certificates often contain identity markers. Typically, in the form of "User ID"s (however, User Attributes are analogous for the purpose of this section).
|
||||
|
||||
For example, above, we saw the User ID "Alice Adams <alice@example.org>" associated with Alice's key `B3D2 7B09 FBA4 1235 2B41 8972 C8B8 6AC4 2455 4239`.
|
||||
For example, above, we saw the User ID `Alice Adams <alice@example.org>` associated with Alice's key `AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3`.
|
||||
|
||||
Alice can link a User ID to her OpenPGP certificate with a cryptographic signature. To link a User ID, a signature of the type `PositiveCertification` is created. The signature is issued using the primary (secret) key.
|
||||
|
||||
|
@ -247,122 +253,123 @@ The counterpart is called [Transferable Secret Keys](https://www.ietf.org/archiv
|
|||
|
||||
### A minimal OpenPGP key
|
||||
|
||||
A minimal key can be made with Sequoia-PGP like this:
|
||||
|
||||
`let (cert, _) = CertBuilder::new().generate()?;`
|
||||
A minimal OpenPGP key consists of the Secret-Key Packet for the primary key, and a self-certification (the Direct Key Signature).
|
||||
|
||||
#### Seen as a private OpenPGP key
|
||||
|
||||
Viewed as a private key (in ASCII-armored representation), such a minimal key looks like this:
|
||||
A minimal version of [Alice's private key](alice_priv) (in ASCII-armored representation) looks like this:
|
||||
|
||||
```
|
||||
```text
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
Comment: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
||||
Comment: AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3
|
||||
|
||||
xVgEX7Kj9hYJKwYBBAHaRw8BAQdAztZjmUk3IUgnKwR9rfukVUt7UaVsvk+AoBtO
|
||||
ZNbVqDcAAP4nrycHrmWHT8g454H/tr/19rT0nuPkYxMCUH9z5Atx/xLYwoMEHxYK
|
||||
ADUFgl+yo/YDCwkHCRDeg8z0ogT5VwMVCggCmwECHgEWIQRtEA6wRE0WSNrZoO7e
|
||||
g8z0ogT5VwAAbFgBAO1OYraoaDmFMZ7JWbLoTKW7xpDUNKB+kh+bdC6HjYpcAP9q
|
||||
HhhgNE7noeQEsJmR0yW7tTYT8RyrJF6o2xZENlXdCw==
|
||||
=/8Os
|
||||
xUsGZRbqphsAAAAgUyTpQ6+rFfdu1bUSmHlpzRtdEGXr50Liq0f0hrOuZT4A7+GZ
|
||||
tV8R+6qT6CadO7ItciB9/71C3UvpozaBO6XMz/vCtgYfGwoAAAA9BYJlFuqmBYkF
|
||||
pI+9AwsJBwMVCggCmwECHgEiIQaqoYy7JUaFxYNYMgVj/Te2fzMA+fsOxFc3jNKf
|
||||
ECaYswAAAAoJEKqhjLslRoXFZ0cgouNjgeNr0E9W18g4gAIl6FM5SWuQxg12j0S0
|
||||
7ExCOI5NPRDCrSnAV85mAXOzeIGeiVLPQ40oEal3CX/L+BXIoY2sIEQrLd4TAEEy
|
||||
0BA8aQZTPEmMdiOCM1QB+V+BQZAO
|
||||
=f0GN
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
||||
```
|
||||
|
||||
Looking into the internals of this key with `sq packet dump --hex`, or https://dump.sequoia-pgp.org/, we see that it is made up of a sequence of "Packets":
|
||||
If we decode this OpenPGP data, we see that the key is made up of a sequence of two packets:
|
||||
|
||||
```
|
||||
Secret-Key Packet, new CTB, 2 header bytes + 88 bytes
|
||||
Version: 4
|
||||
Creation time: 2020-11-16 16:08:22 UTC
|
||||
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
|
||||
Pk size: 256 bits
|
||||
Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
||||
KeyID: DE83 CCF4 A204 F957
|
||||
```text
|
||||
$ sq packet dump --hex alice_minimal.priv
|
||||
Secret-Key Packet, new CTB, 2 header bytes + 75 bytes
|
||||
Version: 6
|
||||
Creation time: 2023-09-29 15:17:58 UTC
|
||||
Pk algo: Ed25519
|
||||
Pk size: 256 bits
|
||||
Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
|
||||
KeyID: AAA18CBB254685C5
|
||||
|
||||
Secret Key:
|
||||
|
||||
Unencrypted
|
||||
|
||||
00000000 c5 CTB
|
||||
00000001 58 length
|
||||
00000002 04 version
|
||||
00000003 5f b2 a3 f6 creation_time
|
||||
00000007 16 pk_algo
|
||||
00000008 09 curve_len
|
||||
00000009 2b 06 01 04 01 da 47 curve
|
||||
00000010 0f 01
|
||||
00000012 01 07 eddsa_public_len
|
||||
00000014 40 ce d6 63 99 49 37 21 48 27 2b 04 eddsa_public
|
||||
00000020 7d ad fb a4 55 4b 7b 51 a5 6c be 4f 80 a0 1b 4e
|
||||
00000030 64 d6 d5 a8 37
|
||||
00000035 00 s2k_usage
|
||||
00000036 00 fe eddsa_secret_len
|
||||
00000038 27 af 27 07 ae 65 87 4f eddsa_secret
|
||||
00000040 c8 38 e7 81 ff b6 bf f5 f6 b4 f4 9e e3 e4 63 13
|
||||
00000050 02 50 7f 73 e4 0b 71 ff
|
||||
00000058 12 d8 checksum
|
||||
00000001 4b length
|
||||
00000002 06 version
|
||||
00000003 65 16 ea a6 creation_time
|
||||
00000007 1b pk_algo
|
||||
00000008 00 00 00 20 public_len
|
||||
0000000c 53 24 e9 43 ed25519_public
|
||||
00000010 af ab 15 f7 6e d5 b5 12 98 79 69 cd 1b 5d 10 65
|
||||
00000020 eb e7 42 e2 ab 47 f4 86 b3 ae 65 3e
|
||||
0000002c 00 s2k_usage
|
||||
0000002d ef e1 99 ed25519_secret
|
||||
00000030 b5 5f 11 fb aa 93 e8 26 9d 3b b2 2d 72 20 7d ff
|
||||
00000040 bd 42 dd 4b e9 a3 36 81 3b a5 cc cf fb
|
||||
|
||||
Signature Packet, new CTB, 2 header bytes + 131 bytes
|
||||
Version: 4
|
||||
Type: DirectKey
|
||||
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
|
||||
Hash algo: SHA512
|
||||
Hashed area:
|
||||
Signature creation time: 2020-11-16 16:08:22 UTC (critical)
|
||||
Symmetric algo preferences: AES256, AES128
|
||||
Issuer: DE83 CCF4 A204 F957
|
||||
Hash preferences: SHA512, SHA256
|
||||
Key flags: C (critical)
|
||||
Features: MDC
|
||||
Issuer Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
||||
Digest prefix: 6C58
|
||||
Level: 0 (signature over data)
|
||||
Signature Packet, new CTB, 2 header bytes + 182 bytes
|
||||
Version: 6
|
||||
Type: DirectKey
|
||||
Pk algo: Ed25519
|
||||
Hash algo: SHA512
|
||||
Hashed area:
|
||||
Signature creation time: 2023-09-29 15:17:58 UTC (critical)
|
||||
Key expiration time: P1095DT62781S (critical)
|
||||
Symmetric algo preferences: AES256, AES128
|
||||
Hash preferences: SHA512, SHA256
|
||||
Key flags: C (critical)
|
||||
Features: MDC
|
||||
Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
|
||||
Unhashed area:
|
||||
Issuer: AAA18CBB254685C5
|
||||
Digest prefix: 6747
|
||||
Level: 0 (signature over data)
|
||||
|
||||
00000000 c2 CTB
|
||||
00000001 83 length
|
||||
00000002 04 version
|
||||
00000001 b6 length
|
||||
00000002 06 version
|
||||
00000003 1f type
|
||||
00000004 16 pk_algo
|
||||
00000004 1b pk_algo
|
||||
00000005 0a hash_algo
|
||||
00000006 00 35 hashed_area_len
|
||||
00000008 05 subpacket length
|
||||
00000009 82 subpacket tag
|
||||
0000000a 5f b2 a3 f6 sig creation time
|
||||
0000000e 03 subpacket length
|
||||
0000000f 0b subpacket tag
|
||||
00000010 09 07 pref sym algos
|
||||
00000012 09 subpacket length
|
||||
00000013 10 subpacket tag
|
||||
00000014 de 83 cc f4 a2 04 f9 57 issuer
|
||||
0000001c 03 subpacket length
|
||||
0000001d 15 subpacket tag
|
||||
0000001e 0a 08 pref hash algos
|
||||
00000020 02 subpacket length
|
||||
00000021 9b subpacket tag
|
||||
00000022 01 key flags
|
||||
00000023 02 subpacket length
|
||||
00000024 1e subpacket tag
|
||||
00000025 01 features
|
||||
00000026 16 subpacket length
|
||||
00000027 21 subpacket tag
|
||||
00000028 04 version
|
||||
00000029 6d 10 0e b0 44 4d 16 issuer fp
|
||||
00000030 48 da d9 a0 ee de 83 cc f4 a2 04 f9 57
|
||||
0000003d 00 00 unhashed_area_len
|
||||
0000003f 6c digest_prefix1
|
||||
00000040 58 digest_prefix2
|
||||
00000041 01 00 eddsa_sig_r_len
|
||||
00000043 ed 4e 62 b6 a8 68 39 85 31 9e c9 59 b2 eddsa_sig_r
|
||||
00000050 e8 4c a5 bb c6 90 d4 34 a0 7e 92 1f 9b 74 2e 87
|
||||
00000060 8d 8a 5c
|
||||
00000063 00 ff eddsa_sig_s_len
|
||||
00000065 6a 1e 18 60 34 4e e7 a1 e4 04 b0 eddsa_sig_s
|
||||
00000070 99 91 d3 25 bb b5 36 13 f1 1c ab 24 5e a8 db 16
|
||||
00000080 44 36 55 dd 0b
|
||||
00000006 00 00 00 3d hashed_area_len
|
||||
0000000a 05 subpacket length
|
||||
0000000b 82 subpacket tag
|
||||
0000000c 65 16 ea a6 sig creation time
|
||||
00000010 05 subpacket length
|
||||
00000011 89 subpacket tag
|
||||
00000012 05 a4 8f bd key expiry time
|
||||
00000016 03 subpacket length
|
||||
00000017 0b subpacket tag
|
||||
00000018 09 07 pref sym algos
|
||||
0000001a 03 subpacket length
|
||||
0000001b 15 subpacket tag
|
||||
0000001c 0a 08 pref hash algos
|
||||
0000001e 02 subpacket length
|
||||
0000001f 9b subpacket tag
|
||||
00000020 01 key flags
|
||||
00000021 02 subpacket length
|
||||
00000022 1e subpacket tag
|
||||
00000023 01 features
|
||||
00000024 22 subpacket length
|
||||
00000025 21 subpacket tag
|
||||
00000026 06 version
|
||||
00000027 aa a1 8c bb 25 46 85 c5 83 issuer fp
|
||||
00000030 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e c4 57 37
|
||||
00000040 8c d2 9f 10 26 98 b3
|
||||
00000047 00 00 00 0a unhashed_area_len
|
||||
0000004b 09 subpacket length
|
||||
0000004c 10 subpacket tag
|
||||
0000004d aa a1 8c issuer
|
||||
00000050 bb 25 46 85 c5
|
||||
00000055 67 digest_prefix1
|
||||
00000056 47 digest_prefix2
|
||||
00000057 20 salt_len
|
||||
00000058 a2 e3 63 81 e3 6b d0 4f salt
|
||||
00000060 56 d7 c8 38 80 02 25 e8 53 39 49 6b 90 c6 0d 76
|
||||
00000070 8f 44 b4 ec 4c 42 38 8e
|
||||
00000078 4d 3d 10 c2 ad 29 c0 57 ed25519_sig
|
||||
00000080 ce 66 01 73 b3 78 81 9e 89 52 cf 43 8d 28 11 a9
|
||||
00000090 77 09 7f cb f8 15 c8 a1 8d ac 20 44 2b 2d de 13
|
||||
000000a0 00 41 32 d0 10 3c 69 06 53 3c 49 8c 76 23 82 33
|
||||
000000b0 54 01 f9 5f 81 41 90 0e
|
||||
```
|
||||
|
||||
We see that the key consists of two packets:
|
||||
|
||||
* First, a [*"Secret-Key Packet"*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#seckey), which contains the actual cryptographic key data. Note: the "Secret-Key" Packet contains both the private and the public part of the key. We also see in the output that this packet is "Unencrypted" (i.e. not password-protected).
|
||||
* Second, a [*"Direct Key Signature"*](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#sigtype-direct-key) (type 0x1F), *"Signature directly on a key"*. This packet *"binds the information in the Signature subpackets to the key"*. Each entry under "Signature Packet -> Hashed area" is one Signature subpacket, including for example information about algorithm preferences (*"Symmetric algo preferences"* and *"Hash preferences"*).
|
||||
|
||||
|
@ -374,112 +381,111 @@ A minimal OpenPGP key, visualized
|
|||
|
||||
#### Seen as a public certificate
|
||||
|
||||
Let's compare this with the same certificate seen as an armored "public" certificate (that is, a variant of the key above, but without the private key material. An OpenPGP user might give such a certificate to a communication partner, so that the remote party could send encrypted messages to the user):
|
||||
Let's compare this with the same certificate seen as an armored OpenPGP certificate (that is, a "public key" variant of the key above, but without the private key material. An OpenPGP user might give such a certificate to a communication partner, so that the remote party could send encrypted messages to the user):
|
||||
|
||||
|
||||
```{admonition} TODO
|
||||
:class: warning
|
||||
|
||||
Show packet dump invocations.
|
||||
```
|
||||
|
||||
```
|
||||
```text
|
||||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
Comment: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
||||
Comment: AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3
|
||||
|
||||
xjMEX7Kj9hYJKwYBBAHaRw8BAQdAztZjmUk3IUgnKwR9rfukVUt7UaVsvk+AoBtO
|
||||
ZNbVqDfCgwQfFgoANQWCX7Kj9gMLCQcJEN6DzPSiBPlXAxUKCAKbAQIeARYhBG0Q
|
||||
DrBETRZI2tmg7t6DzPSiBPlXAABsWAEA7U5itqhoOYUxnslZsuhMpbvGkNQ0oH6S
|
||||
H5t0LoeNilwA/2oeGGA0Tueh5ASwmZHTJbu1NhPxHKskXqjbFkQ2Vd0L
|
||||
=ZN14
|
||||
xioGZRbqphsAAAAgUyTpQ6+rFfdu1bUSmHlpzRtdEGXr50Liq0f0hrOuZT7CtgYf
|
||||
GwoAAAA9BYJlFuqmBYkFpI+9AwsJBwMVCggCmwECHgEiIQaqoYy7JUaFxYNYMgVj
|
||||
/Te2fzMA+fsOxFc3jNKfECaYswAAAAoJEKqhjLslRoXFZ0cgouNjgeNr0E9W18g4
|
||||
gAIl6FM5SWuQxg12j0S07ExCOI5NPRDCrSnAV85mAXOzeIGeiVLPQ40oEal3CX/L
|
||||
+BXIoY2sIEQrLd4TAEEy0BA8aQZTPEmMdiOCM1QB+V+BQZAO
|
||||
=5nyq
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
```
|
||||
|
||||
```
|
||||
Public-Key Packet, new CTB, 2 header bytes + 51 bytes
|
||||
Version: 4
|
||||
Creation time: 2020-11-16 16:08:22 UTC
|
||||
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
|
||||
```text
|
||||
$ sq packet dump --hex alice_minimal.pub
|
||||
Public-Key Packet, new CTB, 2 header bytes + 42 bytes
|
||||
Version: 6
|
||||
Creation time: 2023-09-29 15:17:58 UTC
|
||||
Pk algo: Ed25519
|
||||
Pk size: 256 bits
|
||||
Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
||||
KeyID: DE83 CCF4 A204 F957
|
||||
Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
|
||||
KeyID: AAA18CBB254685C5
|
||||
|
||||
00000000 c6 CTB
|
||||
00000001 33 length
|
||||
00000002 04 version
|
||||
00000003 5f b2 a3 f6 creation_time
|
||||
00000007 16 pk_algo
|
||||
00000008 09 curve_len
|
||||
00000009 2b 06 01 04 01 da 47 curve
|
||||
00000010 0f 01
|
||||
00000012 01 07 eddsa_public_len
|
||||
00000014 40 ce d6 63 99 49 37 21 48 27 2b 04 eddsa_public
|
||||
00000020 7d ad fb a4 55 4b 7b 51 a5 6c be 4f 80 a0 1b 4e
|
||||
00000030 64 d6 d5 a8 37
|
||||
00000035 s2k_usage
|
||||
00000001 2a length
|
||||
00000002 06 version
|
||||
00000003 65 16 ea a6 creation_time
|
||||
00000007 1b pk_algo
|
||||
00000008 00 00 00 20 public_len
|
||||
0000000c 53 24 e9 43 ed25519_public
|
||||
00000010 af ab 15 f7 6e d5 b5 12 98 79 69 cd 1b 5d 10 65
|
||||
00000020 eb e7 42 e2 ab 47 f4 86 b3 ae 65 3e
|
||||
|
||||
Signature Packet, new CTB, 2 header bytes + 131 bytes
|
||||
Version: 4
|
||||
Signature Packet, new CTB, 2 header bytes + 182 bytes
|
||||
Version: 6
|
||||
Type: DirectKey
|
||||
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
|
||||
Pk algo: Ed25519
|
||||
Hash algo: SHA512
|
||||
Hashed area:
|
||||
Signature creation time: 2020-11-16 16:08:22 UTC (critical)
|
||||
Signature creation time: 2023-09-29 15:17:58 UTC (critical)
|
||||
Key expiration time: P1095DT62781S (critical)
|
||||
Symmetric algo preferences: AES256, AES128
|
||||
Issuer: DE83 CCF4 A204 F957
|
||||
Hash preferences: SHA512, SHA256
|
||||
Key flags: C (critical)
|
||||
Features: MDC
|
||||
Issuer Fingerprint: 6D10 0EB0 444D 1648 DAD9 A0EE DE83 CCF4 A204 F957
|
||||
Digest prefix: 6C58
|
||||
Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
|
||||
Unhashed area:
|
||||
Issuer: AAA18CBB254685C5
|
||||
Digest prefix: 6747
|
||||
Level: 0 (signature over data)
|
||||
|
||||
00000000 c2 CTB
|
||||
00000001 83 length
|
||||
00000002 04 version
|
||||
00000001 b6 length
|
||||
00000002 06 version
|
||||
00000003 1f type
|
||||
00000004 16 pk_algo
|
||||
00000004 1b pk_algo
|
||||
00000005 0a hash_algo
|
||||
00000006 00 35 hashed_area_len
|
||||
00000008 05 subpacket length
|
||||
00000009 82 subpacket tag
|
||||
0000000a 5f b2 a3 f6 sig creation time
|
||||
0000000e 03 subpacket length
|
||||
0000000f 0b subpacket tag
|
||||
00000010 09 07 pref sym algos
|
||||
00000012 09 subpacket length
|
||||
00000013 10 subpacket tag
|
||||
00000014 de 83 cc f4 a2 04 f9 57 issuer
|
||||
0000001c 03 subpacket length
|
||||
0000001d 15 subpacket tag
|
||||
0000001e 0a 08 pref hash algos
|
||||
00000020 02 subpacket length
|
||||
00000021 9b subpacket tag
|
||||
00000022 01 key flags
|
||||
00000023 02 subpacket length
|
||||
00000024 1e subpacket tag
|
||||
00000025 01 features
|
||||
00000026 16 subpacket length
|
||||
00000027 21 subpacket tag
|
||||
00000028 04 version
|
||||
00000029 6d 10 0e b0 44 4d 16 issuer fp
|
||||
00000030 48 da d9 a0 ee de 83 cc f4 a2 04 f9 57
|
||||
0000003d 00 00 unhashed_area_len
|
||||
0000003f 6c digest_prefix1
|
||||
00000040 58 digest_prefix2
|
||||
00000041 01 00 eddsa_sig_r_len
|
||||
00000043 ed 4e 62 b6 a8 68 39 85 31 9e c9 59 b2 eddsa_sig_r
|
||||
00000050 e8 4c a5 bb c6 90 d4 34 a0 7e 92 1f 9b 74 2e 87
|
||||
00000060 8d 8a 5c
|
||||
00000063 00 ff eddsa_sig_s_len
|
||||
00000065 6a 1e 18 60 34 4e e7 a1 e4 04 b0 eddsa_sig_s
|
||||
00000070 99 91 d3 25 bb b5 36 13 f1 1c ab 24 5e a8 db 16
|
||||
00000080 44 36 55 dd 0b
|
||||
00000006 00 00 00 3d hashed_area_len
|
||||
0000000a 05 subpacket length
|
||||
0000000b 82 subpacket tag
|
||||
0000000c 65 16 ea a6 sig creation time
|
||||
00000010 05 subpacket length
|
||||
00000011 89 subpacket tag
|
||||
00000012 05 a4 8f bd key expiry time
|
||||
00000016 03 subpacket length
|
||||
00000017 0b subpacket tag
|
||||
00000018 09 07 pref sym algos
|
||||
0000001a 03 subpacket length
|
||||
0000001b 15 subpacket tag
|
||||
0000001c 0a 08 pref hash algos
|
||||
0000001e 02 subpacket length
|
||||
0000001f 9b subpacket tag
|
||||
00000020 01 key flags
|
||||
00000021 02 subpacket length
|
||||
00000022 1e subpacket tag
|
||||
00000023 01 features
|
||||
00000024 22 subpacket length
|
||||
00000025 21 subpacket tag
|
||||
00000026 06 version
|
||||
00000027 aa a1 8c bb 25 46 85 c5 83 issuer fp
|
||||
00000030 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e c4 57 37
|
||||
00000040 8c d2 9f 10 26 98 b3
|
||||
00000047 00 00 00 0a unhashed_area_len
|
||||
0000004b 09 subpacket length
|
||||
0000004c 10 subpacket tag
|
||||
0000004d aa a1 8c issuer
|
||||
00000050 bb 25 46 85 c5
|
||||
00000055 67 digest_prefix1
|
||||
00000056 47 digest_prefix2
|
||||
00000057 20 salt_len
|
||||
00000058 a2 e3 63 81 e3 6b d0 4f salt
|
||||
00000060 56 d7 c8 38 80 02 25 e8 53 39 49 6b 90 c6 0d 76
|
||||
00000070 8f 44 b4 ec 4c 42 38 8e
|
||||
00000078 4d 3d 10 c2 ad 29 c0 57 ed25519_sig
|
||||
00000080 ce 66 01 73 b3 78 81 9e 89 52 cf 43 8d 28 11 a9
|
||||
00000090 77 09 7f cb f8 15 c8 a1 8d ac 20 44 2b 2d de 13
|
||||
000000a0 00 41 32 d0 10 3c 69 06 53 3c 49 8c 76 23 82 33
|
||||
000000b0 54 01 f9 5f 81 41 90 0e
|
||||
```
|
||||
|
||||
Note that the two OpenPGP artifacts (public certificate and private key) are almost identical.
|
||||
Note that the two OpenPGP artifacts (OpenPGP certificate and OpenPGP private key) are almost identical.
|
||||
|
||||
The public certificate uses the packet type "Public-Key Packet" instead of "Secret-Key Packet". The two packet types are very similar. The "Public-Key Packet" leaves out two types of data
|
||||
The public certificate uses the packet type "Public-Key Packet" instead of "Secret-Key Packet." The two packet types are very similar. The "Public-Key Packet" leaves out two types of data
|
||||
|
||||
* the private key material (visualized in red), and
|
||||
* s2k configuration data, if any (this example doesn't have any).
|
||||
|
@ -500,195 +506,200 @@ User IDs are a mechanism for attaching *identities* to an OpenPGP certificate. T
|
|||
|
||||
To look into these, we'll make a certificate that has one [User ID](https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#uid). User IDs are *"intended to represent the name and email address of the key holder"*. A certificate can have multiple User IDs associated with it.
|
||||
|
||||
```
|
||||
let (cert, _) = CertBuilder::new()
|
||||
.add_userid("Alice Adams <alice@example.org>")
|
||||
.generate()?;
|
||||
```
|
||||
|
||||
Let's look into the details of this key:
|
||||
|
||||
```
|
||||
```text
|
||||
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||
Comment: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA
|
||||
Comment: Alice Adams <alice@example.org>
|
||||
Comment: AAA1 8CBB 2546 85C5 8358 3205 63FD 37B6 7F33 00F9 FB0E C457 378C D29F 1026 98B3
|
||||
Comment: <alice@example.org>
|
||||
|
||||
xVgEX7LO1RYJKwYBBAHaRw8BAQdAiDI09+r0a4BVBUZCIqdSF9yuC706fRNC6tvZ
|
||||
zReMlI4AAP0VhUQxbMmXjJgXfiH2p0Zo/1G9WgC2h5HwfluLGONYJQ/+woMEHxYK
|
||||
ADUFgl+yztUDCwkHCRB4O041tOXxugMVCggCmwECHgEWIQSj8xpX5ACnfCI5JMB4
|
||||
O041tOXxugAAfXwBAPkjwkSO5aI3lQUNi/h4OiwPUF/u6AO9rHsg45WURZOwAQDy
|
||||
8TQHQyFR52QjldVYbevffMaWfBiB4LfmrMeNvoHNC80fQWxpY2UgQWRhbXMgPGFs
|
||||
aWNlQGV4YW1wbGUub3JnPsKGBBMWCgA4BYJfss7VAwsJBwkQeDtONbTl8boDFQoI
|
||||
ApkBApsBAh4BFiEEo/MaV+QAp3wiOSTAeDtONbTl8boAALLzAP4oGNBkrnpv7TBi
|
||||
cucUcQZbAURxRDZLioWmwu/VVqWRQwEAk/3oG5sP327lu73CE7LUjBt5ChtAlDlP
|
||||
szWqa9TiCw4=
|
||||
=tnJI
|
||||
xUsGZRbqphsAAAAgUyTpQ6+rFfdu1bUSmHlpzRtdEGXr50Liq0f0hrOuZT4A7+GZ
|
||||
tV8R+6qT6CadO7ItciB9/71C3UvpozaBO6XMz/vCtgYfGwoAAAA9BYJlFuqmBYkF
|
||||
pI+9AwsJBwMVCggCmwECHgEiIQaqoYy7JUaFxYNYMgVj/Te2fzMA+fsOxFc3jNKf
|
||||
ECaYswAAAAoJEKqhjLslRoXFZ0cgouNjgeNr0E9W18g4gAIl6FM5SWuQxg12j0S0
|
||||
7ExCOI5NPRDCrSnAV85mAXOzeIGeiVLPQ40oEal3CX/L+BXIoY2sIEQrLd4TAEEy
|
||||
0BA8aQZTPEmMdiOCM1QB+V+BQZAOzRM8YWxpY2VAZXhhbXBsZS5vcmc+wrkGExsK
|
||||
AAAAQAWCZRbqpgWJBaSPvQMLCQcDFQoIApkBApsBAh4BIiEGqqGMuyVGhcWDWDIF
|
||||
Y/03tn8zAPn7DsRXN4zSnxAmmLMAAAAKCRCqoYy7JUaFxdu4IIotb9pnNbxdBHe0
|
||||
nWeobsXWiFNf4u/5Zgi/wuDbwFYN69QspRkBD7om0IKiz1zreqly2fOyZgeLsro9
|
||||
t4nkdgRuNSQrJymDvpGceGrMtNVpR3YsKdZUv0MZBP9TmMDVCw==
|
||||
=bgQM
|
||||
-----END PGP PRIVATE KEY BLOCK-----
|
||||
```
|
||||
|
||||
```
|
||||
Secret-Key Packet, new CTB, 2 header bytes + 88 bytes
|
||||
Version: 4
|
||||
Creation time: 2020-11-16 19:11:17 UTC
|
||||
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
|
||||
```text
|
||||
$ sq packet dump --hex alice_userid.priv
|
||||
Secret-Key Packet, new CTB, 2 header bytes + 75 bytes
|
||||
Version: 6
|
||||
Creation time: 2023-09-29 15:17:58 UTC
|
||||
Pk algo: Ed25519
|
||||
Pk size: 256 bits
|
||||
Fingerprint: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA
|
||||
KeyID: 783B 4E35 B4E5 F1BA
|
||||
Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
|
||||
KeyID: AAA18CBB254685C5
|
||||
|
||||
Secret Key:
|
||||
|
||||
Unencrypted
|
||||
|
||||
00000000 c5 CTB
|
||||
00000001 58 length
|
||||
00000002 04 version
|
||||
00000003 5f b2 ce d5 creation_time
|
||||
00000007 16 pk_algo
|
||||
00000008 09 curve_len
|
||||
00000009 2b 06 01 04 01 da 47 curve
|
||||
00000010 0f 01
|
||||
00000012 01 07 eddsa_public_len
|
||||
00000014 40 88 32 34 f7 ea f4 6b 80 55 05 46 eddsa_public
|
||||
00000020 42 22 a7 52 17 dc ae 0b bd 3a 7d 13 42 ea db d9
|
||||
00000030 cd 17 8c 94 8e
|
||||
00000035 00 s2k_usage
|
||||
00000036 00 fd eddsa_secret_len
|
||||
00000038 15 85 44 31 6c c9 97 8c eddsa_secret
|
||||
00000040 98 17 7e 21 f6 a7 46 68 ff 51 bd 5a 00 b6 87 91
|
||||
00000050 f0 7e 5b 8b 18 e3 58 25
|
||||
00000058 0f fe checksum
|
||||
00000001 4b length
|
||||
00000002 06 version
|
||||
00000003 65 16 ea a6 creation_time
|
||||
00000007 1b pk_algo
|
||||
00000008 00 00 00 20 public_len
|
||||
0000000c 53 24 e9 43 ed25519_public
|
||||
00000010 af ab 15 f7 6e d5 b5 12 98 79 69 cd 1b 5d 10 65
|
||||
00000020 eb e7 42 e2 ab 47 f4 86 b3 ae 65 3e
|
||||
0000002c 00 s2k_usage
|
||||
0000002d ef e1 99 ed25519_secret
|
||||
00000030 b5 5f 11 fb aa 93 e8 26 9d 3b b2 2d 72 20 7d ff
|
||||
00000040 bd 42 dd 4b e9 a3 36 81 3b a5 cc cf fb
|
||||
|
||||
Signature Packet, new CTB, 2 header bytes + 131 bytes
|
||||
Version: 4
|
||||
Signature Packet, new CTB, 2 header bytes + 182 bytes
|
||||
Version: 6
|
||||
Type: DirectKey
|
||||
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
|
||||
Pk algo: Ed25519
|
||||
Hash algo: SHA512
|
||||
Hashed area:
|
||||
Signature creation time: 2020-11-16 19:11:17 UTC (critical)
|
||||
Signature creation time: 2023-09-29 15:17:58 UTC (critical)
|
||||
Key expiration time: P1095DT62781S (critical)
|
||||
Symmetric algo preferences: AES256, AES128
|
||||
Issuer: 783B 4E35 B4E5 F1BA
|
||||
Hash preferences: SHA512, SHA256
|
||||
Key flags: C (critical)
|
||||
Features: MDC
|
||||
Issuer Fingerprint: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA
|
||||
Digest prefix: 7D7C
|
||||
Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
|
||||
Unhashed area:
|
||||
Issuer: AAA18CBB254685C5
|
||||
Digest prefix: 6747
|
||||
Level: 0 (signature over data)
|
||||
|
||||
00000000 c2 CTB
|
||||
00000001 83 length
|
||||
00000002 04 version
|
||||
00000001 b6 length
|
||||
00000002 06 version
|
||||
00000003 1f type
|
||||
00000004 16 pk_algo
|
||||
00000004 1b pk_algo
|
||||
00000005 0a hash_algo
|
||||
00000006 00 35 hashed_area_len
|
||||
00000008 05 subpacket length
|
||||
00000009 82 subpacket tag
|
||||
0000000a 5f b2 ce d5 sig creation time
|
||||
0000000e 03 subpacket length
|
||||
0000000f 0b subpacket tag
|
||||
00000010 09 07 pref sym algos
|
||||
00000012 09 subpacket length
|
||||
00000013 10 subpacket tag
|
||||
00000014 78 3b 4e 35 b4 e5 f1 ba issuer
|
||||
0000001c 03 subpacket length
|
||||
0000001d 15 subpacket tag
|
||||
0000001e 0a 08 pref hash algos
|
||||
00000020 02 subpacket length
|
||||
00000021 9b subpacket tag
|
||||
00000022 01 key flags
|
||||
00000023 02 subpacket length
|
||||
00000024 1e subpacket tag
|
||||
00000025 01 features
|
||||
00000026 16 subpacket length
|
||||
00000027 21 subpacket tag
|
||||
00000028 04 version
|
||||
00000029 a3 f3 1a 57 e4 00 a7 issuer fp
|
||||
00000030 7c 22 39 24 c0 78 3b 4e 35 b4 e5 f1 ba
|
||||
0000003d 00 00 unhashed_area_len
|
||||
0000003f 7d digest_prefix1
|
||||
00000040 7c digest_prefix2
|
||||
00000041 01 00 eddsa_sig_r_len
|
||||
00000043 f9 23 c2 44 8e e5 a2 37 95 05 0d 8b f8 eddsa_sig_r
|
||||
00000050 78 3a 2c 0f 50 5f ee e8 03 bd ac 7b 20 e3 95 94
|
||||
00000060 45 93 b0
|
||||
00000063 01 00 eddsa_sig_s_len
|
||||
00000065 f2 f1 34 07 43 21 51 e7 64 23 95 eddsa_sig_s
|
||||
00000070 d5 58 6d eb df 7c c6 96 7c 18 81 e0 b7 e6 ac c7
|
||||
00000080 8d be 81 cd 0b
|
||||
00000006 00 00 00 3d hashed_area_len
|
||||
0000000a 05 subpacket length
|
||||
0000000b 82 subpacket tag
|
||||
0000000c 65 16 ea a6 sig creation time
|
||||
00000010 05 subpacket length
|
||||
00000011 89 subpacket tag
|
||||
00000012 05 a4 8f bd key expiry time
|
||||
00000016 03 subpacket length
|
||||
00000017 0b subpacket tag
|
||||
00000018 09 07 pref sym algos
|
||||
0000001a 03 subpacket length
|
||||
0000001b 15 subpacket tag
|
||||
0000001c 0a 08 pref hash algos
|
||||
0000001e 02 subpacket length
|
||||
0000001f 9b subpacket tag
|
||||
00000020 01 key flags
|
||||
00000021 02 subpacket length
|
||||
00000022 1e subpacket tag
|
||||
00000023 01 features
|
||||
00000024 22 subpacket length
|
||||
00000025 21 subpacket tag
|
||||
00000026 06 version
|
||||
00000027 aa a1 8c bb 25 46 85 c5 83 issuer fp
|
||||
00000030 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e c4 57 37
|
||||
00000040 8c d2 9f 10 26 98 b3
|
||||
00000047 00 00 00 0a unhashed_area_len
|
||||
0000004b 09 subpacket length
|
||||
0000004c 10 subpacket tag
|
||||
0000004d aa a1 8c issuer
|
||||
00000050 bb 25 46 85 c5
|
||||
00000055 67 digest_prefix1
|
||||
00000056 47 digest_prefix2
|
||||
00000057 20 salt_len
|
||||
00000058 a2 e3 63 81 e3 6b d0 4f salt
|
||||
00000060 56 d7 c8 38 80 02 25 e8 53 39 49 6b 90 c6 0d 76
|
||||
00000070 8f 44 b4 ec 4c 42 38 8e
|
||||
00000078 4d 3d 10 c2 ad 29 c0 57 ed25519_sig
|
||||
00000080 ce 66 01 73 b3 78 81 9e 89 52 cf 43 8d 28 11 a9
|
||||
00000090 77 09 7f cb f8 15 c8 a1 8d ac 20 44 2b 2d de 13
|
||||
000000a0 00 41 32 d0 10 3c 69 06 53 3c 49 8c 76 23 82 33
|
||||
000000b0 54 01 f9 5f 81 41 90 0e
|
||||
|
||||
User ID Packet, new CTB, 2 header bytes + 31 bytes
|
||||
Value: Alice Adams <alice@example.org>
|
||||
User ID Packet, new CTB, 2 header bytes + 19 bytes
|
||||
Value: <alice@example.org>
|
||||
|
||||
00000000 cd CTB
|
||||
00000001 1f length
|
||||
00000002 41 6c 69 63 65 20 41 64 61 6d 73 20 3c 61 value
|
||||
00000010 6c 69 63 65 40 65 78 61 6d 70 6c 65 2e 6f 72 67
|
||||
00000020 3e
|
||||
00000001 13 length
|
||||
00000002 3c 61 6c 69 63 65 40 65 78 61 6d 70 6c 65 value
|
||||
00000010 2e 6f 72 67 3e
|
||||
|
||||
Signature Packet, new CTB, 2 header bytes + 134 bytes
|
||||
Version: 4
|
||||
Signature Packet, new CTB, 2 header bytes + 185 bytes
|
||||
Version: 6
|
||||
Type: PositiveCertification
|
||||
Pk algo: EdDSA Edwards-curve Digital Signature Algorithm
|
||||
Pk algo: Ed25519
|
||||
Hash algo: SHA512
|
||||
Hashed area:
|
||||
Signature creation time: 2020-11-16 19:11:17 UTC (critical)
|
||||
Signature creation time: 2023-09-29 15:17:58 UTC (critical)
|
||||
Key expiration time: P1095DT62781S (critical)
|
||||
Symmetric algo preferences: AES256, AES128
|
||||
Issuer: 783B 4E35 B4E5 F1BA
|
||||
Hash preferences: SHA512, SHA256
|
||||
Primary User ID: true (critical)
|
||||
Key flags: C (critical)
|
||||
Features: MDC
|
||||
Issuer Fingerprint: A3F3 1A57 E400 A77C 2239 24C0 783B 4E35 B4E5 F1BA
|
||||
Digest prefix: B2F3
|
||||
Issuer Fingerprint: AAA18CBB254685C58358320563FD37B67F3300F9FB0EC457378CD29F102698B3
|
||||
Unhashed area:
|
||||
Issuer: AAA18CBB254685C5
|
||||
Digest prefix: DBB8
|
||||
Level: 0 (signature over data)
|
||||
|
||||
00000000 c2 CTB
|
||||
00000001 86 length
|
||||
00000002 04 version
|
||||
00000001 b9 length
|
||||
00000002 06 version
|
||||
00000003 13 type
|
||||
00000004 16 pk_algo
|
||||
00000004 1b pk_algo
|
||||
00000005 0a hash_algo
|
||||
00000006 00 38 hashed_area_len
|
||||
00000008 05 subpacket length
|
||||
00000009 82 subpacket tag
|
||||
0000000a 5f b2 ce d5 sig creation time
|
||||
0000000e 03 subpacket length
|
||||
0000000f 0b subpacket tag
|
||||
00000010 09 07 pref sym algos
|
||||
00000012 09 subpacket length
|
||||
00000013 10 subpacket tag
|
||||
00000014 78 3b 4e 35 b4 e5 f1 ba issuer
|
||||
0000001c 03 subpacket length
|
||||
0000001d 15 subpacket tag
|
||||
0000001e 0a 08 pref hash algos
|
||||
00000020 02 subpacket length
|
||||
00000021 99 subpacket tag
|
||||
00000022 01 primary user id
|
||||
00000023 02 subpacket length
|
||||
00000024 9b subpacket tag
|
||||
00000025 01 key flags
|
||||
00000026 02 subpacket length
|
||||
00000027 1e subpacket tag
|
||||
00000028 01 features
|
||||
00000029 16 subpacket length
|
||||
0000002a 21 subpacket tag
|
||||
0000002b 04 version
|
||||
0000002c a3 f3 1a 57 issuer fp
|
||||
00000030 e4 00 a7 7c 22 39 24 c0 78 3b 4e 35 b4 e5 f1 ba
|
||||
00000040 00 00 unhashed_area_len
|
||||
00000042 b2 digest_prefix1
|
||||
00000043 f3 digest_prefix2
|
||||
00000044 00 fe eddsa_sig_r_len
|
||||
00000046 28 18 d0 64 ae 7a 6f ed 30 62 eddsa_sig_r
|
||||
00000050 72 e7 14 71 06 5b 01 44 71 44 36 4b 8a 85 a6 c2
|
||||
00000060 ef d5 56 a5 91 43
|
||||
00000066 01 00 eddsa_sig_s_len
|
||||
00000068 93 fd e8 1b 9b 0f df 6e eddsa_sig_s
|
||||
00000070 e5 bb bd c2 13 b2 d4 8c 1b 79 0a 1b 40 94 39 4f
|
||||
00000080 b3 35 aa 6b d4 e2 0b 0e
|
||||
00000006 00 00 00 40 hashed_area_len
|
||||
0000000a 05 subpacket length
|
||||
0000000b 82 subpacket tag
|
||||
0000000c 65 16 ea a6 sig creation time
|
||||
00000010 05 subpacket length
|
||||
00000011 89 subpacket tag
|
||||
00000012 05 a4 8f bd key expiry time
|
||||
00000016 03 subpacket length
|
||||
00000017 0b subpacket tag
|
||||
00000018 09 07 pref sym algos
|
||||
0000001a 03 subpacket length
|
||||
0000001b 15 subpacket tag
|
||||
0000001c 0a 08 pref hash algos
|
||||
0000001e 02 subpacket length
|
||||
0000001f 99 subpacket tag
|
||||
00000020 01 primary user id
|
||||
00000021 02 subpacket length
|
||||
00000022 9b subpacket tag
|
||||
00000023 01 key flags
|
||||
00000024 02 subpacket length
|
||||
00000025 1e subpacket tag
|
||||
00000026 01 features
|
||||
00000027 22 subpacket length
|
||||
00000028 21 subpacket tag
|
||||
00000029 06 version
|
||||
0000002a aa a1 8c bb 25 46 issuer fp
|
||||
00000030 85 c5 83 58 32 05 63 fd 37 b6 7f 33 00 f9 fb 0e
|
||||
00000040 c4 57 37 8c d2 9f 10 26 98 b3
|
||||
0000004a 00 00 00 0a unhashed_area_len
|
||||
0000004e 09 subpacket length
|
||||
0000004f 10 subpacket tag
|
||||
00000050 aa a1 8c bb 25 46 85 c5 issuer
|
||||
00000058 db digest_prefix1
|
||||
00000059 b8 digest_prefix2
|
||||
0000005a 20 salt_len
|
||||
0000005b 8a 2d 6f da 67 salt
|
||||
00000060 35 bc 5d 04 77 b4 9d 67 a8 6e c5 d6 88 53 5f e2
|
||||
00000070 ef f9 66 08 bf c2 e0 db c0 56 0d
|
||||
0000007b eb d4 2c a5 19 ed25519_sig
|
||||
00000080 01 0f ba 26 d0 82 a2 cf 5c eb 7a a9 72 d9 f3 b2
|
||||
00000090 66 07 8b b2 ba 3d b7 89 e4 76 04 6e 35 24 2b 27
|
||||
000000a0 29 83 be 91 9c 78 6a cc b4 d5 69 47 76 2c 29 d6
|
||||
000000b0 54 bf 43 19 04 ff 53 98 c0 d5 0b
|
||||
```
|
||||
|
||||
Instead of two sections, as before, we see four sections in this certificate:
|
||||
Instead of two packets, as before, we see four packets in this certificate:
|
||||
|
||||
* First, a "Secret-Key Packet,"
|
||||
* then a "Signature Packet" (these two packets are the same as above).
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# Appendix A: OpenPGP artifacts
|
||||
|
||||
(alice_priv)=
|
||||
## Alice's private key
|
||||
|
||||
```text
|
||||
|
|
Loading…
Reference in a new issue