Hi List, i wrote already 2 Mails and got some help but i don't get any further by myself...
I want to check gpg-clearsigned-signatures in JS, and with the rfc https://tools.ietf.org/html/rfc4880 i had some success. The problem that i have right now is to produce the Hash-value which is to be signed (to be checked). I have an example to state my problem: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 {"2011-01-13 13:00":"cno","2011-01-13 14:00":"cno","2011-01-14":"cno","2011-01-15 13:00":"cno"} -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) iQIcBAEBAgAGBQJNPLs/AAoJEEH+GXMF1XjpY5MQAMSG7NcEJBEV7/mkeEtac1q7 cCYGzPBMnYlu3wY1/Jre6HPzfvY+x8kSsPMHIefndKDCcDFOqyEKpUe3rLZC9kBS 0yJ1Dewcz7/2tTrc6Yq6QfHXyalwpWk+I99bZpALQW5W3xh+hKtlxsZlLVn0MUnZ r5ZReRhpxefyOhRfJRzVVImvDwUpBn6GrBjmAElQd/Z27ecNtprgUZ46HfA7wHKu PjGmOHJzrbj34XPl7oqYS/tmE5AGIkyDYa7o81/8SODZxtBdztpZ48NBH9zgNcoV 32cdiGQ62S5DXUQeur+sL5z/vFMbcydtPeT2RW8gQ0Sgy6ogCwYt/QmtVFKNqJta CNh6onchhkCywjBVpxlqRQBsWvionnIY3EMF7AnQ6DhiRvF6WzVB0n9GBZwX9rvf 0A8k7AnFbGA+hAK1Oq6takm0dP2zBrq1irNe2osJfYnVp5/2m4ok+dVECp5XVG/f NgIQn1gOjflVzBotSG40VDbBKMNSjItU/xyWvR5h9Xd3p0W1940odUr1/wAwAZcM ziWa5f2G0CdeTQUQ3dzP7ZvDZZepGP+uLYPEZCDvlI4ARWqC4IdlwVPDsYQbTm9a BRzII51aiCHLuzQMNFy+Y91T655lhrsqQ6JMuURdhSGdcLvtJqZDWcyPaWflLaz/ nJlucBr0OdSQ04WkAlcA =McmZ -----END PGP SIGNATURE----- The content-part is this (as i understand the rfc): {"2011-01-13 13:00":"cno","2011-01-13 14:00":"cno","2011-01-14":"cno","2011-01-15 13:00":"cno"} This has to be concatenated with some data from the header of the clearsigned Packet, i have: 4,1,1,2,0,6,5,2,77,60,187,63 (as byte-array) which looks sound The Hash (SHA1) i get for the concatenation is: ebfc31ab409ac2c4d43ac99421992fb41c7590c8 but the first 16 bits from the hash (included in the header) are: 0x6393 The whole value from which the hash is calculated (as byte-array because some chars may change due to encoding): 123,34,50,48,49,49,45,48,49,45,49,51,32,49,51,58,48,48,34,58,34,99,110,111,34,44,34,50,48,49,49,45,48,49,45,49,51,32,49,52,58,48,48,34,58,34,99,110,111,34,44,34,50,48,49,49,45,48,49,45,49,52,34,58,34,99,110,111,34,44,34,50,48,49,49,45,48,49,45,49,53,32,49,51,58,48,48,34,58,34,99,110,111,34,125,4,1,1,2,0,6,5,2,77,60,187,63 This can be inserted on a site like http://home1.paulschou.net/tools/xlate/ to check the SHA1 value and from what i see my SHA1 is correct. I would be really happy if someone with knowledge of the implementation could reproduce my values and tell me where i went wrong :) I could give anyone with interest in it the code and would be willing to opensource it when i have my work finished... The system i'm working on is like www.doodle.com except that userdata is encrypted and signed in the browser, i'm a student of computer science so its more a proof of concept. Thanks in advance, Ole Rixmann
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
