SPKI in OpenPGP format
Here is a possible way to represent a SPKI certificate in OpenPGP format.
OpenPGP added a utility field called a notation that could be used
to hold SPKI strings. It's more of a binary (non-human-readable) version,
but it does maintain the spirit of SPKI.
The packet format is further described in sect 5.2.2. of the OpenPGP spec.
Just a thought.
SPKI packet represented in OpenPGP Standalone signature packet

size  hex-value       desc
----  ---------       ----

Packet Header
-------------
   1  8B              Ptag 10 0010 11
                           |  |    '-- 3 = indeterminate len
                           |  '------- 2 = Signature Packet
                           '---------- old packet format

Version 4 Signature packet
--------------------------
   1  04              version number (4)
   1  02              signature type: Standalone signature
   1  XX              public key algorithm (DSA = 0x11)
   1  XX              hash algorithm (SHA1 = 0x02)

Hashed SubPacket Data
---------------------
   2  XXXX            hashed subpacket len

   1  02              2 = signature creation time          VALIDITY
   4  XX XX XX XX     signature creation time

   1  03              3 = signature expiration time
   4  XX XX XX XX     signature expiration time

   1  10              16 = issuer key ID                   ISSUER
   8  XX...           key ID of issuer

   1  14              20 = notation data                   AUTHORIZATION
   4  0000 0000       (4 octets of flags)
   2  0009            name length
   2  XXXX            value length
   9  'SPKI_AUTH'     name data
   N  XX...           value data

   1  14              20 = notation data                   SUBJECT
   4  0000 0000       (4 octets of flags)
   2  000C            name length
   2  0008            value length
   8  'SPKI_SUBJECT'  name data
   N  XX...           key ID of subject

   1  14              20 = notation data                   DELEGATION
   4  0000 0000       (4 octets of flags)
   2  000A            name length
   2  0000            value length
  10  'SPKI_DELEG'    name data (the existence of this field means
                      that the subject may delegate the priv)

UnHashed SubPacket Data
-----------------------
   2  00 00           unhashed subpacket len (not used)

Signature Data
--------------
   2  XXXX            two-octet field holding left 16 bits of signed hash value
   N  XXXX...         one or more multi-precision integers comprising the signature
__________________________________________________________________________
Vinnie Moscaritolo <vinnie@pgp.com>
Chief Consulting Engineer, Total Network Security
Network Associates, Inc.
555 Twin Dolphin Drive, Suite 570
Redwood Shores, CA 94065
415.572.0430
Fingerprints: DE60 DB68 8E17 2A3F 60AE A933 88F1 F50E 070A 5CFF (DSS)
1 if by land, 2 if by sea.
Paul Revere - encryption 1775
__________________________________________________________________________
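The hashed subpacket area from the layout above, built and parsed in Python as an added example (not code from the original post or from PGP). It assumes the notation names SPKI_AUTH, SPKI_SUBJECT and SPKI_DELEG as given, and it adds the per-subpacket length octets that OpenPGP (RFC 2440 sect. 5.2.3.1) places in front of each subpacket's type octet, which the table leaves out; the parser checks every length before trusting it.

```python
import struct
SIG_CREATION, SIG_EXPIRATION, ISSUER, NOTATION = 2, 3, 16, 20  # subpacket type octets

def subpacket(stype, body):
    # RFC 2440 5.2.3.1 length (1, 2 or 5 octets) counts the type octet plus the body
    n = len(body) + 1
    if n < 192:
        length = bytes([n])
    elif n < 8384:
        length = bytes([((n - 192) >> 8) + 192, (n - 192) & 0xFF])
    else:
        length = b"\xff" + struct.pack(">I", n)
    return length + bytes([stype]) + body

def notation(name, value, flags=0):
    # notation data: 4 flag octets, 2-octet name len, 2-octet value len, name, value
    return subpacket(NOTATION, struct.pack(">IHH", flags, len(name), len(value)) + name + value)

def spki_hashed_area(created, expires, issuer_id, auth, subject_id, delegate):
    # the hashed subpacket area of the post's layout, prefixed by its 2-octet length
    parts = [subpacket(SIG_CREATION, struct.pack(">I", created)),
             subpacket(SIG_EXPIRATION, struct.pack(">I", expires)),
             subpacket(ISSUER, issuer_id), notation(b"SPKI_AUTH", auth),
             notation(b"SPKI_SUBJECT", subject_id)]
    if delegate:  # an empty SPKI_DELEG notation marks the subject as able to delegate
        parts.append(notation(b"SPKI_DELEG", b""))
    area = b"".join(parts)
    return struct.pack(">H", len(area)) + area

def spki_notations(area):
    # walk the hashed area, checking every length; return {name: value} for notations
    (total,) = struct.unpack(">H", area[:2])
    data, i, found = area[2:], 0, {}
    if len(data) != total:
        raise ValueError("hashed area length mismatch")
    while i < len(data):
        n = data[i]; i += 1
        if n == 255:
            (n,) = struct.unpack(">I", data[i:i + 4]); i += 4
        elif n >= 192:
            n = ((n - 192) << 8) + data[i] + 192; i += 1
        if n < 1 or i + n > len(data):
            raise ValueError("bad subpacket length")
        stype, body = data[i], data[i + 1:i + n]; i += n
        if stype == NOTATION:
            flags, nlen, vlen = struct.unpack(">IHH", body[:8])
            if len(body) != 8 + nlen + vlen:
                raise ValueError("notation length mismatch")
            found[body[8:8 + nlen].decode("ascii")] = body[8 + nlen:]
    return found
```

The SPKI_AUTH value is carried opaquely as bytes, so an S-expression authorization string goes in unchanged; the decoder only verifies that the declared name and value lengths add up to the subpacket body.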