From d9443963917e37c2764bf4e1751a22d6df282875 Mon Sep 17 00:00:00 2001 From: Heiko Schaefer Date: Wed, 27 Dec 2023 03:36:58 +0100 Subject: [PATCH] Add a separate section about hashing of inline signature payload --- book/source/adv/signing_data.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/book/source/adv/signing_data.md b/book/source/adv/signing_data.md index e899a77..4082a64 100644 --- a/book/source/adv/signing_data.md +++ b/book/source/adv/signing_data.md @@ -166,3 +166,17 @@ However, when a signer creates a {term}`prefixed signed message`, the signed dat - once reading it to calculate the cryptographic signature, and - once more to store the data in the generated OpenPGP message, after the signature packet(s). + +(hashing-inline-data)= +### Hashing the signed payload of an inline signature + +When inline signing a message, the hash for the signed content is calculated over just the raw payload contained in a literal data packet. No metadata of the literal data packet is included in the signed hash. Even if a compressed data packet wraps the literal data packet, the inline signature is still calculated over the uncompressed content of the literal data packet. + +The calculation of inline data signatures is unusual in two regards: + +- Most OpenPGP signature calculations include packet metadata, but for literal data packets, only the payload is hashed. +- Packets are usually hashed without transforming the packet content for hashing. Decompressing the content of a compressed data packet for hashing is an exception to this pattern. + +However, this approach means that detached signatures and inline signatures are calculated on exactly the same data. + +One format can be transformed into the other, after the fact, without requiring the private key material of the signer. A compression layer can be inserted or removed without disturbing the validity of an existing signature.