From ad68dc83dad204f318b0feacec2ca25d9b5b0d24 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 20 Dec 2023 14:28:08 +0100 Subject: [PATCH] Additional elaboration on one-pass signature packet --- book/source/signing_data.md | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/book/source/signing_data.md b/book/source/signing_data.md index 16e93fc..15b137b 100644 --- a/book/source/signing_data.md +++ b/book/source/signing_data.md @@ -85,14 +85,28 @@ The structure of a one-pass signed message. Despite its name, a {term}`one-pass signature packet` is not a type of {term}`signature packet`. Instead, it's a type of auxiliary packet that can be used in conjunction with {term}`signature packets`. Its use allows storing the {term}`signature packets` after the message body. - -The position of the signature packet within the OpenPGP message is important for efficient data processing. The plaintext data might be large in size, and memory might be constrained. -The producer of a signed OpenPGP message wants to streamline the signature calculation process in such a way that allows to emit the data to be signed while calculating the signature. The signature itself is therefore appended to the data. -The verifier on the other hand needs to know the hash algorithm used to calculate the signature before starting the verification process. As a consequence, either the producer would need to pass the plaintext data twice, once to calculate the signature and a second time to emit the signed data (the result is a prefixed signed message), or the verifier needs to process (and cache) the whole OpenPGP message to reach the signature packets at the end in order to determine the hash algorithm, to then re-process the whole message, verifying the signature. - -The one-pass signature solves this issue, by allowing both the creation and verification of a signed message in a single pass. ``` +#### The function of the one-pass signature packet + +To understand the purpose of this packet, consider that without it, the position of signature packets within an inline signed OpenPGP message constitutes a trade-off for efficient data processing. In particular when plaintext data is large and exceeds available memory in size. + +The producer of a signed OpenPGP message wants to streamline the signature calculation process in such a way that allows to emit a copy of the signed data while calculating the cryptographic signature. On the signer's side, the signature packet is therefore easy to store after the signed data. + +The verifier, on the other hand, needs some information from the signature packet in order to perform the signature verification process. In particular, the verifier needs to know which hash algorithm was used to calculate the signature, in order to perform the same hashing operation on the message data. + +As a consequence, without a {term}`one-pass signature packet`, either: +- the producer would need to process the signed data twice: + - once to calculate the signature, and + - a second time to emit the signed data (the result is a prefixed signed message), or +- the verifier would need to process the OpenPGP message twice: + - once to read the signature packets at the end in order to determine the hash algorithm, and + - a second time to process the body of the message, and calculate the hash verifying the signature. + +The one-pass signature packet solves this issue, by allowing both the creation and verification of a signed message in a single pass. It effectively contains a copy of the data in a signature packet, but without the cryptographic signature data. + +The signer can easily emit this metadata before processing the full message, and for the verifier, this metadata enables processing of the message body. Both signer and verifier can efficiently generate or check a one-pass signed message. + #### Creation To produce an {term}`inline signature`, the {term}`signer` decides on a hash algorithm and emits a {term}`one-pass signature packet` into the destination {term}`OpenPGP message`. This contains essential information such as the {term}`fingerprint` of the {term}`signing key` and the {term}`hash` algorithm used for computing the {term}`signature`'s {term}`hash digest`. The signer then processes the entirety of the plaintext data, emitting it as a {term}`literal data` into the message as well. Once the data is processed, the {term}`signer` calculates a {term}`cryptographic signature` using the calculated hash value. Lastly, the result is emitted as a {term}`data signature packet` to the output message, and the whole packet sequence can be efficiently stored or transmitted.