Hash 要为PGP哈希的数据长度
我终于设法验证了一些简单的PGP签名消息块。然而,我发现由于某种原因,我的实现限制了我验证9-16字节长的数据。同样如此。没有了 是否有一些指令指定如何处理任意长度的明文数据?也许我错过了什么填充物?pkcs1 我很确定我正确地格式化了数据以进行散列,因为RFC 4880第5.2.4节中的说明说,对于文本文档,只需将所有Hash 要为PGP哈希的数据长度,hash,cryptography,implementation,pgp,dsa,Hash,Cryptography,Implementation,Pgp,Dsa,我终于设法验证了一些简单的PGP签名消息块。然而,我发现由于某种原因,我的实现限制了我验证9-16字节长的数据。同样如此。没有了 是否有一些指令指定如何处理任意长度的明文数据?也许我错过了什么填充物?pkcs1 我很确定我正确地格式化了数据以进行散列,因为RFC 4880第5.2.4节中的说明说,对于文本文档,只需将所有\n替换为\r\n,并添加一个尾部。因为我的测试值是单行数据,所以不需要替换任何内容 所有这些值均以10为基数,除非另有说明: // DSA public key values
\n\r\n// DSA public key values
p = 175466718616740411615640156350265486163809613514213656685227237159351776260193236923030228927905671867677337184318134702903960237546408302010360724274436019639502405323187799029742776686067449287558904042137172927936686590837020160292525250748155580652384740664931255981772117478967314777932252547256795892071
q = 809260232002608708872165272150356204306578772713
g = 127751900783328740354741342100721884490035793278553520238434722215554870393020469115393573782393994875216405838455564598493958342322790638050051759023658096740912555025710033120777570527002197424160086000659457154926758682221072408093235236853997248304424303705425567765059722098677806247252106481642577996274
y = 172935968966072909036304664996424500241381878537444332146572958203083745609400290814117451480512268901233962890933482206538294509037615827035398352528065134903071886710296983781453184598843331365336270501467458073523376152406987560592548479865116940266729198119357206749848310472131186772143408998928864559411
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
abcd
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39
iFsEARECABsFAk/tB28UHGFiYyA8bWFrY21AYWFhLmNvbT4ACgkQMFIlRc933Ya2
RwCfdMyI08Iz0rDXVHOPlGA3s5Y9j/8An2He7+hHjWfGJNoOJT7gAxqJaoLo
=I2rT
-----END PGP SIGNATURE-----
data hashed (in hex): 6162636404011102001b05024fed076f141c616263203c6d616b636d406161612e636f6d3e04ff00000021
r = 666804200764671083282351405489424949903645052927
s = 558743769080942454889260816818443017172325925608
w = 702955297882281869313155599553522395227576660460 // s^-1 mod q
u1 = 190417717173929082607343542521304347388874234334
u2 = 306786785479358548892951170619047936651163362761
v = g^u1 * y^u2 % p % q = 737052148656331043521702886300418501784667890334
v != r
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
0123456789abcdef
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39
iFsEARECABsFAk/tCE0UHGFiYyA8bWFrY21AYWFhLmNvbT4ACgkQMFIlRc933YYG
IQCfercgPsXFnah6otgQdEMbv9OeCgIAnRIyOLirbqSlBugBT6Ex/Adz4+7L
=bzab
-----END PGP SIGNATURE-----
data hashed (in hex): 3031323334353637383961626364656604011102001b05024fed084d141c616263203c6d616b636d406161612e636f6d3e04ff00000021
r = 700580719365380086754774917458461236187098909186
s = 103881812262595813943381509986903840453887782603
w = 178510125628083028184051840492924307896586330444 // s^-1 mod q
u1 = 78831508775508876446567239486098677466912246622
u2 = 572875590470993668032596348682349224460207395691
v = g^u1 * y^u2 % p % q = 700580719365380086754774917458461236187098909186
v == r
我没有足够的时间查看详细信息,但我猜您正在正确地应用(或未应用)填充。这将导致对某些输入长度产生正确的结果,但对其他输入长度则不会 我想我会更深入地调查这件事,但我想在悬赏线下弄点东西:) 编辑:确定,发现错误。不知道为什么你会得到它,但是如果它被修复了,那么正确的答案就会出来。在不工作的示例中,计算
ww = 702955297882281869313155599553522395227576660458
s * your_w mod q = 308227306159276200906356361486529830038073078504
s * my_w mod q = 1
u1 = 536931432138658080437983667536052790245747416035
u2 = 591698847955233800072578903940910445457030802333
v = (g^u1 * y^u2) % p % q = 666804200764671083282351405489424949903645052927
r == v
希望能有所帮助。你能把“----开始PGP公钥块------”块放在这里吗?哈哈,怎么会这样?是时候翻阅我的任意精度整数代码了,这只是为了学习,对吗?看起来我应该重复一次非常重要的“不要自己实现加密”警告。
s * your_w mod q = 308227306159276200906356361486529830038073078504
s * my_w mod q = 1
u1 = 536931432138658080437983667536052790245747416035
u2 = 591698847955233800072578903940910445457030802333
v = (g^u1 * y^u2) % p % q = 666804200764671083282351405489424949903645052927
r == v