Hi Ole-- On 01/13/2011 12:59 PM, Ole Rixmann wrote: > this is my first post ;)
welcome! > I need to check gpg-rsa-signatures in JavaScript and for this to happen > i have > to parse key blocks produced with > "gpg --armor --export-options export-minimal --export 0xid". > To do the checking i need the rsa-parameters (like n and g) but i have > no clue how to extract them. > With "gpg --debug-all --list-packets keyfile" i get a whole lot of stuff > and i think the parameters are in there ;) > but it doesn't look good. > > So maybe someone can give me a hint? You're asking about some arcana, and your best reference for details is probably the RFC -- the OpenPGP format itself is specified in RFC 4880: https://tools.ietf.org/html/rfc4880 export-minimal will usually produce nothing but: Public Keys: https://tools.ietf.org/html/rfc4880#section-5.5.2 User IDs: https://tools.ietf.org/html/rfc4880#section-5.11 and self-issued signatures: https://tools.ietf.org/html/rfc4880#section-5.2 There may also be subkeys (which look like primary keys, but have a slightly different header), user Attributes (like user IDs, but jpegs instead of strings), and direct-key signatures. Signatures can of course have many different kinds of subpackets, which makes robust parsing of them a bigger project. But if you just want the RSA key material, you can ignore the signatures of course. This would mean that you wouldn't be able to verify that they key belongs to whoever you hope it belongs to (at least, not through OpenPGP). Only you can say whether that tradeoff makes sense for your particular application. > I would also be interested in information about exactly how gpg does > signing wit rsa/sha-1. You probably want the info about "computing signatures": https://tools.ietf.org/html/rfc4880#section-5.2.4 hth, --dkg
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
