On Mon, Jan 26, 2009 at 05:22:11PM +0100, Peter Thomas wrote:
> Hi David.
>
> On Mon, Jan 26, 2009 at 3:52 PM, David Shaw <ds...@jabberwocky.com> wrote:
>
>> I'm currently reading RFC4880 and I think I have many minor questions...
>> is the gnupg-users list the right place to ask? Or is there any better
>> place?
> > Look for the ietf-openpgp mailing list at
> > http://www.ietf.org/html.charters/openpgp-charter.html
> I'll have a look at this, but as at least some of my questions seem to
> be gnupg specific I'll continue to ask some stuff here.
>
>> 1) In chapter 3.7.2.1 on page 13 it says that the octet can have values
>> "255 or 254". Is there any difference between the two?
> > Yes, see section 5.5.3 for the exact details, but in general 254 indicates
> > that there is a SHA-1 hash of the secret data included. This is to prevent
> > a secret key tampering attack.
> Ah, thanks. So it should be 254 for better security of the private key,
> right?
Yes. See http://eprint.iacr.org/2002/076.pdf for the attack that prompted this extra layer of protection.

>> What's the reason for this? I mean the RFC recommends to use the new
>> packet format. Can I change that default behaviour? And if I have a key,
>> that's already used and signed by others, could I convert it to using the
>> new format?
> > You could convert it, but there is little point.
> Uhm, I just wanted to follow the recommendation of the RFC ;-)

The RFC says "If interoperability is not an issue, the new packet format is RECOMMENDED." Given that interoperability *is* an issue (GPG works with PGP 2.x), we don't use the new packet format except when necessary.

Really, though, it just doesn't matter. It's the equivalent of writing the number ten as "10" or "ten". It contains the same value, using different notation.

> > The function of a packet is the same no matter what.
> So all other signatures would still be valid?

Yes.

> But there is probably no function in gnupg to do this conversion, is
> there?

No, but you could patch it if you liked. Take a look at the write_header() and write_new_header() functions in build-packet.c

David

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
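The two technical points in the exchange above (the 254/255 usage octet from RFC 4880 section 5.5.3, and the "10 versus ten" equivalence of old- and new-format packet headers from section 4.2) can be made concrete with a few dozen lines of Python. The block below is an added example written for this page; it is not code from the thread and not GnuPG's own `build-packet.c`. The function names (`parse_header`, `encode_header`, `convert_packet`, `expected_trailer`, `secret_key_check`) and every sample packet and key-material string are constructed for illustration. It deliberately leaves out partial body lengths and the old-format indeterminate length, which are not needed to show that converting a packet changes only its header octets while the body, and therefore anything signed over it, stays byte-for-byte the same.

```python
"""Added example, not code from the thread or from GnuPG.

Two points from the exchange above, made concrete with RFC 4880 byte layouts:
  * old-format and new-format packet headers (section 4.2) carry the same tag
    and body length, so converting a packet rewrites only its header octets;
  * the S2K usage octet (section 5.5.3) selects the integrity field that
    follows secret-key material: 254 means a 20-octet SHA-1, 255 (or 0) means
    a two-octet additive checksum, which cannot detect edits that keep the sum.
All sample packets and key material below are constructed for illustration.
"""
import hashlib


def parse_header(buf: bytes):
    """Parse the packet header at buf[0].

    Returns (tag, body_length, header_length, is_new_format).
    Partial body lengths and the old-format indeterminate length are rejected;
    neither is needed to show the equivalence of the two encodings.
    """
    ctb = buf[0]
    if not ctb & 0x80:
        raise ValueError("bit 7 of a packet tag octet must be set")
    if ctb & 0x40:
        # New format: 6-bit tag, then a 1-, 2- or 5-octet length encoding.
        tag = ctb & 0x3F
        first = buf[1]
        if first < 192:
            return tag, first, 2, True
        if first < 224:
            return tag, ((first - 192) << 8) + buf[2] + 192, 3, True
        if first == 255:
            return tag, int.from_bytes(buf[2:6], "big"), 6, True
        raise ValueError("partial body lengths are not handled here")
    # Old format: 4-bit tag in bits 5..2, length-type in bits 1..0.
    tag = (ctb >> 2) & 0x0F
    length_type = ctb & 0x03
    if length_type == 3:
        raise ValueError("indeterminate length is not handled here")
    nbytes = 1 << length_type  # 1, 2 or 4 length octets
    return tag, int.from_bytes(buf[1:1 + nbytes], "big"), 1 + nbytes, False


def encode_header(tag: int, length: int, new_format: bool) -> bytes:
    """Build a packet header for the given tag and body length."""
    if new_format:
        if not 0 <= tag <= 63:
            raise ValueError("new-format tags are 6 bits")
        ctb = 0xC0 | tag
        if length < 192:
            return bytes([ctb, length])
        if length < 8384:
            rem = length - 192
            return bytes([ctb, (rem >> 8) + 192, rem & 0xFF])
        return bytes([ctb, 255]) + length.to_bytes(4, "big")
    if not 0 <= tag <= 15:
        raise ValueError("old-format tags are only 4 bits")
    if length < 0x100:
        length_type, nbytes = 0, 1
    elif length < 0x10000:
        length_type, nbytes = 1, 2
    else:
        length_type, nbytes = 2, 4
    return bytes([0x80 | (tag << 2) | length_type]) + length.to_bytes(nbytes, "big")


def convert_packet(packet: bytes, new_format: bool) -> bytes:
    """Re-emit one packet with the requested header style; the body is untouched."""
    tag, length, hlen, _ = parse_header(packet)
    body = packet[hlen:hlen + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return encode_header(tag, length, new_format) + body


def expected_trailer(usage_octet: int, secret_material: bytes) -> bytes:
    """Integrity field that follows the algorithm-specific secret material."""
    if usage_octet == 254:
        return hashlib.sha1(secret_material).digest()
    # 255 (and 0, the unencrypted case): sum of all octets mod 65536, big-endian.
    return (sum(secret_material) % 65536).to_bytes(2, "big")


def secret_key_check(usage_octet: int, secret_material: bytes, trailer: bytes) -> bool:
    """True if the stored trailer matches the (decrypted) secret material."""
    return trailer == expected_trailer(usage_octet, secret_material)


if __name__ == "__main__":
    # Constructed tag-5 (secret key) packet with a 3-octet body, old format.
    old = b"\x94\x03" + b"abc"
    new = convert_packet(old, new_format=True)
    print(old.hex(), "->", new.hex())
    print("same tag and length:", parse_header(old)[:2] == parse_header(new)[:2])
    print("SHA-1 trailer ok:", secret_key_check(254, b"abc", expected_trailer(254, b"abc")))
```

Running the script converts a constructed old-format secret-key packet to new format and shows that only the first octet changes (0x94 becomes 0xC5), which is the byte-level meaning of "the function of a packet is the same no matter what". The `secret_key_check` helper is where a reader of the key would notice the difference between 254 and 255: the additive checksum accepts any modification of the secret material that preserves the octet sum, which is what the SHA-1 variant was introduced to close.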