Hello Stefan, On 21/01/2019 12:46, Stefan Claas wrote: > To compute the hash of an image one has to add a 22bytes header > to the image and then the hash will be properly computed.
Since I didn't exactly follow the "22 bytes" part I looked at it one more time; I got curious. It turned out I accidentally cut off part of the inner header when I intended to strip the outer header, silly me. I went too quickly. What works for me is: - Take the User Attribute Packet - Strip off the header: 1 byte tag, and in my case, 2 bytes length (lengths are encoded on 1, 2 or 5 bytes) - Hash what's left So: $ gpg --export KEYID | gpgsplit Take a file named *.attribute Is the file smaller than 194 bytes? Wow, small attribute. Drop the first two bytes. Is the file between 194 and 8386 bytes inclusive? Drop the first three. If it's larger than 8386 bytes, drop the first six bytes. And hash the rest of the file. $ dd if=002839-017.attribute bs=1 skip=3 status=none|gpg --print-md RIPEMD160 For a real implementation, it's better to inspect the length field rather than reverse-compute its own length based on the file size. The 22 bytes added goes in reverse: 2 octets encoded length apparently, appropriate for the usual JPEG file smaller than a bit over 8 KiB, and then 01 10 00 01 01 00 00 00 00 00 00 00 00 00 00 00 00 for the header bits before the JPEG file. > To get the proper base32 value i had to use Werner's zb32. Python: --8<---------------cut here---------------start------------->8--- b32s = "ybndrfg8ejkmcpqxot1uwisza345h769" def b32enc(i): s = "" while i: s = b32s[i & 0x1f] + s i >>= 5 return s def b32dec(s): out = 0 for c in s: out = (out << 5) + b32s.index(c) return out --8<---------------cut here---------------end--------------->8--- If the encoded string is shorter than expected, prepend y's :-). It's the simplest code that sort-of works. There might be more issues, it's really bare-bones. HTH, Peter. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users