Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
I'm also interested in making some OpenPGP tools, and exploring the range of crypto primitive toolkits to use. nettle seems like an obvious choice, but i won't be able to test those certs with it.
You may want to look at the (unfinished) openpgp code in Nettle, when I worked on it the first objective was to be able to generate key packets.
so: not a great or urgent reason, but it'd be nice to be able to use nettle as a basis for tools that implement higher-level specs.
I guess it shouldn't be too difficult to implement SHA512 (and -384) if one uses uint64_t and doesn't care too much about performance on 32-bit machines.
Adding support for new hashes there is easy, as soon as people have agreed on which object id to use.
what do you mean by object id?
RSA signatures using pkcs#1 use a magic string to identify the used hash, and this string is prepended to the hash value, formally to construct a DER-encoded ASN.1 DigestInfo (but one doesn't have to care about the structure of the magic string). E.g., for sha-1, I have (in pkcs1-rsa-sha1.c):
  static const uint8_t
  sha1_prefix[] =
  {
    /* 15 octets prefix, 20 octets hash, total 35 */
    0x30,       33, /* SEQUENCE */
      0x30,      9, /* SEQUENCE */
        0x06,    5, /* OBJECT IDENTIFIER */
          0x2b, 0x0e, 0x03, 0x02, 0x1a,
        0x05,    0, /* NULL */
      0x04,     20  /* OCTET STRING */
        /* Here comes the raw hash value */
  };
So one has to figure out the corresponding string to use for sha-512 and sha-384 (none is specified in fips180-2.pdf, so one has to look in some other spec).
Agree! I'm not sure how to fix it, maybe it's sufficient to add "multipart/signed" to mailman's pass_mime_types?
i don't know, but that sounds like a reasonable thing to try. let me know if you want me to test it.
I changed the mailman configuration, but not sure things work. I signed my previous message (and I'm signing this one too), and it got through to the list, but the message/signature pair was corrupted somehow when I received it (I use gnupg and the builtin pgp support built in emacs-23.1, Gnus-v5.13).
Regards, /Niels
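
An added example, not part of the original message and not Nettle's code: the DigestInfo prefix discussed above is fully determined by the hash's object id and digest length, so it can be generated and checked against the sha1_prefix array quoted in the message. The function names are hypothetical, and the SHA-512 object id and expected prefix are assumptions taken from RFC 3447 (PKCS #1 v2.1), not from the message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* OID content octets, without the 0x06 tag and length octet. */
static const uint8_t oid_sha1[] = { 0x2b, 0x0e, 0x03, 0x02, 0x1a };
/* Assumption, not from the message: id-sha512, 2.16.840.1.101.3.4.2.3. */
static const uint8_t oid_sha512[] =
  { 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03 };

/* The 15-octet sha1_prefix quoted in the message. */
static const uint8_t sha1_expected[] = { 0x30, 33, 0x30, 9, 0x06, 5,
  0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0, 0x04, 20 };
/* Assumption: SHA-512 DigestInfo prefix as listed in RFC 3447. */
static const uint8_t sha512_expected[] = { 0x30, 0x51, 0x30, 0x0d, 0x06, 0x09,
  0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0, 0x04, 0x40 };

/* Write the DER header of a DigestInfo (everything before the raw hash).
   Returns the prefix length, or 0 if it does not fit in out or would
   need long-form DER lengths (>= 128), which are not handled here. */
size_t digestinfo_prefix(const uint8_t *oid, size_t oid_len, size_t hash_len,
                         uint8_t *out, size_t out_size)
{
  size_t alg_len, total, prefix_len;
  uint8_t *p = out;
  if (oid_len == 0 || oid_len >= 128 || hash_len == 0 || hash_len >= 128)
    return 0;
  alg_len = 2 + oid_len + 2;           /* OID TLV + NULL TLV */
  total = 2 + alg_len + 2 + hash_len;  /* contents of the outer SEQUENCE */
  prefix_len = 2 + 2 + alg_len + 2;    /* headers + AlgorithmIdentifier */
  if (total >= 128 || prefix_len > out_size)
    return 0;
  *p++ = 0x30; *p++ = (uint8_t) total;     /* SEQUENCE (DigestInfo) */
  *p++ = 0x30; *p++ = (uint8_t) alg_len;   /* SEQUENCE (AlgorithmIdentifier) */
  *p++ = 0x06; *p++ = (uint8_t) oid_len;   /* OBJECT IDENTIFIER */
  memcpy(p, oid, oid_len); p += oid_len;
  *p++ = 0x05; *p++ = 0;                   /* NULL */
  *p++ = 0x04; *p++ = (uint8_t) hash_len;  /* OCTET STRING, hash follows */
  return (size_t) (p - out);
}

/* 1 if the generated prefix equals the expected octets, else 0. */
int prefix_matches(const uint8_t *oid, size_t oid_len, size_t hash_len,
                   const uint8_t *expected, size_t expected_len)
{
  uint8_t buf[32];
  size_t n = digestinfo_prefix(oid, oid_len, hash_len, buf, sizeof buf);
  return n == expected_len && memcmp(buf, expected, n) == 0;
}
```

A verifier should compare the whole expected block (prefix plus hash) octet for octet rather than parse the DER it receives.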