Hi, I am playing around with GPG which I'd like to use to sign message and use the resulting signature binary in another piece of code.
So far I have created a simple PGP packet parser in JuliaLang with which I think I can successfully extract the elliptic curve point representing the public key as follows. See GitLab <https://gitlab.com/braneproject/PGParser.jl> for source code. ``` $ gpg --output pubkey.bin --export 8FAB2B40D753C0F6 ``` ``` julia> packets = bin2packet("pubkey.bin") 3-element Array{PGPPacket,1}: Public-Key Packet Length : 79, Partial : false PublicKey(0x04, 1550079457, scep256k1 Point(𝑥,𝑦): f05314566c9bfc8d8cf463a7a01e7735245d588a60dd874f09a9636620abb314, 6bda245d43cbbe019ab1ad74316d675dd858cdd776820969bcc21bbccbd3a661) ``` I am then generating a message within Julia, an integer, which needs to be signed and which I just save to file made of 32 bytes representing the 256 bits number in big-endian. But I wonder if this should be serialized in some way? Should their be a package header indicating to GPG what it is signing for, what length is has or anything else? Should I maybe follow X.690 for integer encoding? Next, comes signature parsing which I haven't been able to interpret so far, finding no hints in RFC4880 or 5480. Nevertheless, I assume the last 68 bytes must be signature representation with two integer, preceded by some bytes which looks to be 00ff in the below message. How should EC signature be parsed exactly? Where would this be documented? Last but not least, is the signature hashed? And if yes, is there a way to get it unhashed? ``` julia> z = 99621552382283238930643867389539606415724582999531180113553721867524305282175; julia> f = open("z.bin","w"); julia> write(f,int2bytes(z)) 32 ``` ``` $ gpg -b -u D753C0F6 z.bin ``` ``` julia> packet = bin2packet("z.bin.sig") 1-element Array{PGPPacket,1}: Signature Packet Length : 117, Partial : false Version : 4 Type : SHA256 SignatureSubPacket[ Issuer Fingerprint 041f6132045b4b6c393c48846e8fab2b40d753c0f6, Signature Creation Time 5c70346a] SignatureSubPacket[ Issuer 8fab2b40d753c0f6] Hash left : 3462 scep256k1 signature(𝑟, 𝑠): "00ff6ae576da68ddbd1a2aff20d450186fdd1a13bbbddc1b9837a19080364f3cd83700ff4727b504b86d667b048147c939b4eafae21203e1235ae6e68aa71477292ea173" ``` All my attempt to verify signature of message provided pub key have so far failed and so there is clearly something I do not get. I am looking forward at receiving any tips :) Thanks upfront
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
