checking gpg-signatures in JavaScript
Hi List,
i wrote already 2 Mails and got some help but i don't get any further by
myself...
I want to check gpg-clearsigned-signatures in JS, and with the rfc
https://tools.ietf.org/html/rfc4880 i had some success.
The problem that i have right now is to produce the Hash-value which is
to be signed (to be checked).
I have an example to state my problem:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
{2011-01-13 13:00:cno,2011-01-13
14:00:cno,2011-01-14:cno,2011-01-15 13:00:cno}
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (Darwin)
iQIcBAEBAgAGBQJNPLs/AAoJEEH+GXMF1XjpY5MQAMSG7NcEJBEV7/mkeEtac1q7
cCYGzPBMnYlu3wY1/Jre6HPzfvY+x8kSsPMHIefndKDCcDFOqyEKpUe3rLZC9kBS
0yJ1Dewcz7/2tTrc6Yq6QfHXyalwpWk+I99bZpALQW5W3xh+hKtlxsZlLVn0MUnZ
r5ZReRhpxefyOhRfJRzVVImvDwUpBn6GrBjmAElQd/Z27ecNtprgUZ46HfA7wHKu
PjGmOHJzrbj34XPl7oqYS/tmE5AGIkyDYa7o81/8SODZxtBdztpZ48NBH9zgNcoV
32cdiGQ62S5DXUQeur+sL5z/vFMbcydtPeT2RW8gQ0Sgy6ogCwYt/QmtVFKNqJta
CNh6onchhkCywjBVpxlqRQBsWvionnIY3EMF7AnQ6DhiRvF6WzVB0n9GBZwX9rvf
0A8k7AnFbGA+hAK1Oq6takm0dP2zBrq1irNe2osJfYnVp5/2m4ok+dVECp5XVG/f
NgIQn1gOjflVzBotSG40VDbBKMNSjItU/xyWvR5h9Xd3p0W1940odUr1/wAwAZcM
ziWa5f2G0CdeTQUQ3dzP7ZvDZZepGP+uLYPEZCDvlI4ARWqC4IdlwVPDsYQbTm9a
BRzII51aiCHLuzQMNFy+Y91T655lhrsqQ6JMuURdhSGdcLvtJqZDWcyPaWflLaz/
nJlucBr0OdSQ04WkAlcA
=McmZ
-END PGP SIGNATURE-
The content-part is this (as i understand the rfc):
{2011-01-13 13:00:cno,2011-01-13
14:00:cno,2011-01-14:cno,2011-01-15 13:00:cno}
This has to be concatenated with some data from the header of the
clearsigned Packet, i have:
4,1,1,2,0,6,5,2,77,60,187,63 (as byte-array) which looks sound
The Hash (SHA1) i get for the concatenation is:
ebfc31ab409ac2c4d43ac99421992fb41c7590c8
but the first 16 bits from the hash (included in the header) are:
0x6393
The whole value from which the hash is calculated (as byte-array because
some chars may change due to encoding):
123,34,50,48,49,49,45,48,49,45,49,51,32,49,51,58,48,48,34,58,34,99,110,111,34,44,34,50,48,49,49,45,48,49,45,49,51,32,49,52,58,48,48,34,58,34,99,110,111,34,44,34,50,48,49,49,45,48,49,45,49,52,34,58,34,99,110,111,34,44,34,50,48,49,49,45,48,49,45,49,53,32,49,51,58,48,48,34,58,34,99,110,111,34,125,4,1,1,2,0,6,5,2,77,60,187,63
This can be inserted on a site like
http://home1.paulschou.net/tools/xlate/ to check the SHA1 value and from
what i see my SHA1 is correct.
I would be really happy if someone with knowledge of the implementation
could reproduce my values and tell me where i went wrong :)
I could give anyone with interest in it the code and would be willing to
opensource it when i have my work finished...
The system i'm working on is like www.doodle.com except that userdata is
encrypted and signed in the browser, i'm a student of computer science
so its more a proof of concept.
Thanks in advance,
Ole Rixmann
signature.asc
Description: OpenPGP digital signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Thunderbird/Live/Outlook users' habits
In my view, what you are really discussing are how individuals parse or associate ideas. It just so happens that what makes information different from raw and discrete data are the cultural and religious assumptions and context added to the data. Briefly stated, as any Anthropologist and/or Psychologist will explain, humans find it a nearly impossible task to separate their cultural and/or religious assumptions from what individuals define as being logical. At the root of this problem are not merely these assumptions, but language itself which incorporates and reaffirms these assumptions continuously providing the illusion of support of the logical appearance of the assumption. These prejudices, for lack of a better term, influence not only what we see as logical, but what we see or accept as viable science. This is a more intractable problem than writing any program or straightforward script as the very foundation regarding what one believes needs to be addressed or corrected is seen in terms of one's individual, and usually untested, understanding. Of course, although as a society humanity developed mathematics and science to see such errors of thinking more clearly it is sadly also obvious that history shows very clearly that more often than not, humans require more than a generation at the minimum to catch such errors. On 1/24/2011 7:15 AM, Tobias Nissen wrote: Colin Leroy wrote: [...] I think a solution would be to remove In-Reply-To and References headers using an action. The difficulty of it is that References can span multiple lines. I could easily parse that, but there's another problem. Consider this thread: A - B - ... - C(new) - D (my reply) - E(others' replies) - F (others' reply) - ... Let's say C is the subthread with the changed subject line, that is supposed to be a new thread. Of course I could go on and remove those references. C would then stand alone as the beginning of a new thread. My reply to C (D) and replies to my reply (E) would then correctly be filed under that new thread. But direct replies to C (F) would still contain some references to the old thread, A in this case. It doesn't really matter what Claws does in this case, my guess would be to still file the reply under C. But all direct replies to C would still have those stale references to A. I don't consider this a good idea. Say for some reason I'd want to delete message C. I would then expect that all replies to C would either stand alone or form *new* thread beginnings. Instead, at least that's a behaviour I observed in my past MUAs, all those messages would again be filed under A. Maybe not right then, but surely when the index is rebuilt for some reason. I think there's now way around building a sophisticated filtering mechanism. I think it's really hard to do right. ___ Users mailing list us...@lists.claws-mail.org http://lists.claws-mail.org/cgi-bin/mailman/listinfo/users ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: MacGPG2 v2.0.17 released!
On 24 January 2011 23:03, Benjamin Donnachie benja...@py-soft.co.uk wrote: What's New bit Intel Macs running OS X Leopard (10.5) and higher. Cut and paste failed me. It should have read: What's New = * Supports 32- and 64-bit Intel Macs running OS X Leopard (10.5) and higher. ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
MacGPG2 v2.0.17 released!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 MacGPG2, a build of GnuPG2 for MacOSX with a native pinentry program, has been updated to GnuPG v2.0.17. Download available from https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17.6.zip and detached signature at https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17.6.zip.asc * Tiger and PPC chips no longer supported. * v2.0.16 will be deleted from your system. * You may need to change the file path for gpg2 to /usr/local/MacGPG2/bin/gpg2 * Removal now as simple as sudo rm -fr /usr/local/MacGPG2 Support available from the GPGTools mailing list - http://www.gpgtools.org/about.html Release notes follow: Please use the detached signature to confirm the integrity of your download prior to install. Public key needed available from http://www.gpgtools.org/ Unzip the archive and then run the MacGPG2 installer. * MD5 (MacGPG2-2.0.17.zip) = f682dda810d665ed68e321dd9d230350 * 121,836 downloads of MacGPG2 from 165 countries in two years! What's New bit Intel Macs running OS X Leopard (10.5) and higher. * Core upgraded to GnuPG v2.0.17 = Configured to use standard socket and daemonise gpg agent on the fly if required * Maximum key size increased to 8192 bits; recommended for expert users only * Includes GPGTools gpg-agent cache-id option patch * Pinentry updated by GPGTools team and includes keychain support * Installs exclusively under /usr/local/MacGPG2/ removing previous v2.0.16 install * Creates default gpg configuration file if none exists * Libksba upgraded to v1.1.0 * Libusb upgraded to v1.0.8 Credits = * Werner Koch and the GnuPG Project, http://www.gnupg.org/ * Stéphane Corthésy for the launchd patches. * Charly Avital for his patient testing. * Dr Alun J Carr for his kind donation. Noteworthy changes in GnuPG version 2.0.17 (2011-01-13) - - * Allow more hash algorithms with the OpenPGP v2 card. * The gpg-agent now te gpg-agent.conf on a HUP. * Fixed output of gpgconf --check-options. * Fixed a bug where Scdaemon sends a signal to Gpg-agent running in non-daemon mode. * Fixed TTY management for pinentries and session variable update problem. * Minor bug fixes. -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://www.gpgtools.org/ iQIcBAEBAgAGBQJNPgUpAAoJEOgNmph0Y1E2XbgP/A/TaO3ARsVWU66ydjf+Tdrk ZMqy5Unt3pMffYF1W7cUbA3IiED7Wh7xkBScHWyQuEU9LmvU6lq5N7RY8uFA4aES 36jBazHgzIdsMWunouGoPqlXjmA99vt/sfrTGSH/EIcH3T7Qvw2dIL+AnnuXPZSi BRpBJDCStxa8QLw5H1h4W8+jsCxXYKigeV7PVl7fGfRXTPZUcYesDN9Nah+BpY68 mwTTh5zxzk97QjA4vWZ4GOUEfpf2fc0LMrMMTttri8kOwOz68qs+MmofNkzr6rPA FRlfChObK/t2zVoTaUDGLm+xkoggfKo+3s8RwYXG5YE90eHcmFr7Wy42pBHzvCc9 nh8nCa20r1/FzY68sz95meNls3cU9QkgCuVbQ1uXkkQ4rnp3D4fNaF+nj66XwCZa a1/WL+okH0JAcEm2Ym8s59zrXOjE6kp46TBoQZEiefnUqCMO/7hBHlyOh/eEqmfM v3JZzW/4YSOCKaPEpnv9qGqRzgz//PHmwHUb7PnqdM6i+NH2BlsM79sBE3BToubU O0bcBmxGFp/X/QMhPoUQ5VCwuJlD9qSxzs8eYXMNYM0MraMfhEI+8HeBFqA2oFxN 188lICsypJVjfK/9sPJtQBXRlI2EyVZrw6QouVnkyjzEWm2TSRXh9XTefl8+u7n9 QVQ5ID2nA7hg0QJYUDSR =OsK9 -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
MacGPG2 2.0.17
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Kevin Kammer wrote the following on 1/24/11 8:42 PM: Thanks for the suggestion, but having deactivated everything GnuPG related that was installed by MacPorts, and running the latest GPGTools installer offered from their website, I ended up with far more problems than I solved. So, for the time being I am going to revert to gpg from MacPorts and use Mutt when I need to sign or encrypt something directly from the mail client. Thanks again, Kevin To the best of my knowledge, there was no need to deactivate the MacPorts installation, but it can't hurt to have done so. I have not run the GPGTools installer, I have run the MacGPG2 2.0.17 released a few hours ago by Ben Donnachie: MacGPG2, a build of GnuPG2 for MacOSX with a native pinentry program, has been updated to GnuPG v2.0.17. Download available from https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17.6.zip and detached signature at https://github.com/downloads/GPGTools/MacGPG2/MacGPG2-2.0.17.6.zip.asc And *everything* related to MacGPG2, Thunderbird+Enigmail and GPGMail 1.3.2.RC1 is running just fine: - - decrypt/verify - - encrypt - - sign Ditto for test commands in Terminal, such as: ps waux | grep gpg-agent echo test | gpg2 -aser [your user name] | gpg2 Best regards, Charly -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GnuPG for Privacy Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQEcBAEBCAAGBQJNPnjpAAoJEM3GMi2FW4PvUS4H/RuSuhv7gQa3s9SGXnBaZySG UWm7ogt29uUn1tD05zYbW3iM/WYcfrqmXqelY4NF4lqGgrlweQjmPXFr1uCjF9VA 3bUnXrG4D3sSlzC211ZJJmthD6wa5OJOm00+9HuGZWKA04V5ziLPon+zpbz7/B1Y wwm0Eh6CEBUlyyHpozPyUqHIKUiZ02yBkKuH4HxKuauBVsi4EZmUjInHwte6siLH esnYc8KvyELImMkiSJ4+ccmp+LIod2lDFKKAgManQ3kMOJTzt0Pc9CCNAyEshCCo 9PaOCJfD+k3Zu754O/0IKm+UZUbCPaDA2wdx3I+z5WDzm31fG+Jvs3BQhOQ3qdI= =wcjU -END PGP SIGNATURE- ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
