Add a separate section about hashing of inline signature payload

This commit is contained in:
Heiko Schaefer 2023-12-27 03:36:58 +01:00
parent 468f38da6d
commit d944396391
No known key found for this signature in database
GPG key ID: DAE9A9050FCCF1EB


@ -166,3 +166,17 @@ However, when a signer creates a {term}`prefixed signed message`, the signed dat
- once reading it to calculate the cryptographic signature, and - once reading it to calculate the cryptographic signature, and
- once more to store the data in the generated OpenPGP message, after the signature packet(s). - once more to store the data in the generated OpenPGP message, after the signature packet(s).
(hashing-inline-data)=
### Hashing the signed payload of an inline signature
When inline signing a message, the hash for the signed content is calculated over just the raw payload contained in a literal data packet. No metadata of the literal data packet is included in the signed hash. Even if a compressed data packet wraps the literal data packet, the inline signature is still calculated over the uncompressed content of the literal data packet.
The calculation of inline data signatures is unusual in two regards:
- Most OpenPGP signature calculations include packet metadata, but for literal data packets, only the payload is hashed.
- Packets are usually hashed without transforming the packet content for hashing. Decompressing the content of a compressed data packet for hashing is an exception to this pattern.
However, this approach means that detached signatures and inline signatures are calculated on exactly the same data.
One format can be transformed into the other, after the fact, without requiring the private key material of the signer. A compression layer can be inserted or removed without disturbing the validity of an existing signature.
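Review bot: the statement in the new section that the hash is calculated over "just the raw payload" of the literal data packet is only accurate for binary signatures (signature type 0x00); for text signatures (type 0x01) the payload's line endings are canonicalized to CRLF before hashing, so the hashed data is a transformed form of the payload. Suggest qualifying the first paragraph, e.g. "calculated over the payload contained in a literal data packet (for text signatures, after line endings are converted to CRLF)", and adding the text-canonicalization case to the second bullet, which currently names decompression as the sole exception. The claim that detached and inline signatures cover "exactly the same data" and can be converted into each other likewise holds only when the signature type is the same on both sides; a note that the one-pass signature packet must carry the same signature type as the signature packet would make the conversion claim precise. Minor: the existing text uses the {term}`...` role for glossary terms, while the new section introduces "inline signature" as plain text; consider marking it up the same way for consistency.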