Mailing List Archive

Digital Signature Verification
Hi Team,

I am working on image signing and verification.
For feasibility study I have selected gnupg.
*Steps I executed..*
1) made pair of private and public key (RSA4096)
2) I am able to digitally sign an image using "detach". Getting fyl.sig as
output file.
3) exported the public key using --export -a (ascii armour).


*Step I want to execute at verification side.. But not aware.*

1) Want to find 'n' and 'e' values from a public key which is imported from
a signed machine. Public key is in ascii armor format.
want to write my public key in below format.
/////////////////////////////////// Copied from rsa.c ///////////////////////////////////
static const char sample_public_key[] =
" (public-key"
" (rsa"
" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6CB#)"
" (e #010001#)))";
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

But not sure how to decode imported ascii armor public key in above format.
I tried to find in gnupg documents but not able to get information.
Please suggest.

Regards,
Vishal




--




*Thanks & Regards,Vishal RanaMobile :09422123401*
Re: Digital Signature Verification
On Wed, 6 Apr 2022 10:47:07 +0530
Vishal Rana via Gnupg-users <gnupg-users@gnupg.org> wrote:

> But not sure how to decode imported ascii armor public key in above format.
> I tried to find in gnupg documents but not able to get information.
> Please suggest.

https://datatracker.ietf.org/doc/html/rfc4880#section-6.2 describes the
ASCII Armor format.

That whole document should have lots of relevant bits.
--
Stuart Longland (aka Redhatter, VK4MSL)

I haven't lost my mind...
...it's backed up on a tape somewhere.

Re: Digital Signature Verification
Thanks Stuart for replying. I am able to decode a public key which is in
ascii armor format. But decoded information is again block of Base64 like
//////////////////////////////////////////////////////////////////////////////////////////
99020D04624C0847011000CED5D5FF24
FAF1052D0254C83FBEA80D956D1F8A08
A3CACCF52DA10BF8465270A889F9A2B0
E61EE71AD239E39FEE37DA24E8CFCEA7
....
......
....... n
//////////////////////////////////////////////////////////////////////////

*From this how to find RSA public key (n,e) values?? not able to relate.*
I want to pass imported public key like below format to API
"gcry_error_t gcry_pk_verify (gcry_sexp_t sig, gcry_sexp_t data, gcry_sexp_t pkey)"
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
static const char sample_public_key[] =
" (public-key"
" (rsa"
" (n #009F56231A3D82E3E7D613D59D53E9AB921BEF9F08A782AED0B6E46ADBC853EC"
" 7C71C422435A3CD8FA0DB9EFD55CD3295BADC4E8E2E2B94E15AE82866AB8ADE8"
" 7E469FAE76DC3577DE87F1F419C4EB41123DFAF8D16922D5EDBAD6E9076D5A1C"
" 958106F0AE5E2E9193C6B49124C64C2A241C4075D4AF16299EB87A6585BAE917"
" DEF27FCDD165764D069BC18D16527B29DAAB549F7BBED4A7C6A842D203ED6613"
" 6E2411744E432CD26D940132F25874483DCAEECDFD95744819CBCF1EA810681C"
" 42907EBCB1C7EAFBE75C87EC32C5413EA10476545D3FC7B2ADB1B66B7F200918"
" 664B0E5261C2895AA28B0DE321E921B3F877172CCCAB81F43EF98002916156F6CB#)"
" (e #010001#)))";
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Please suggest to me how to proceed.

Regards,
Vishal Rana



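Added example, not part of the thread and not GnuPG's or libgcrypt's code: the dump quoted above begins `99 020D 04 624C0847 01 1000 CED5...`, which under RFC 4880 reads as an old-format public-key packet header with a two-octet length, version 4, a creation time, algorithm 1 (RSA), and then n as an MPI with a 4096-bit count; e follows as a second MPI. The function name `pgp_rsa_key_to_sexp`, the helper `mpi_to_hex` and the tiny sample packet are constructed for illustration, and the input is assumed to be the binary (dearmored) key.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample, not a real key: 0x99 header, 2-octet length, v4, creation
   time 0x624C0847, algorithm 1 (RSA), MPIs n = 0xC53F and e = 0x010001. */
static const unsigned char SAMPLE_KEY[] = {
    0x99, 0x00, 0x0F, 0x04, 0x62, 0x4C, 0x08, 0x47, 0x01,
    0x00, 0x10, 0xC5, 0x3F, 0x00, 0x11, 0x01, 0x00, 0x01 };

/* Append the MPI at *pos (2-octet bit count, then bytes) to out as "#HEX#".
   A "00" is prepended when the top bit is set, as in the rsa.c sample. */
static int mpi_to_hex(const unsigned char *p, size_t len, size_t *pos,
                      char *out, size_t outsz)
{
    if (len - *pos < 2) return -1;
    size_t n = ((((size_t)p[*pos] << 8) | p[*pos + 1]) + 7) / 8;
    *pos += 2;
    size_t o = strlen(out);
    if (len - *pos < n || o + 2 * n + 16 > outsz) return -1;
    o += (size_t)sprintf(out + o, "#%s", (n && (p[*pos] & 0x80)) ? "00" : "");
    for (size_t i = 0; i < n; i++) o += (size_t)sprintf(out + o, "%02X", p[*pos + i]);
    strcpy(out + o, "#");
    *pos += n;
    return 0;
}

/* Binary (dearmored) v4 RSA public-key packet -> libgcrypt-style S-expression.
   Returns 0 on success, -1 on anything unexpected or truncated. */
int pgp_rsa_key_to_sexp(const unsigned char *pkt, size_t len, char *out, size_t outsz)
{
    if (len < 9 || outsz < 32 || pkt[0] != 0x99) return -1;
    size_t body = ((size_t)pkt[1] << 8) | pkt[2];
    /* body must fit in the buffer; version must be 4 and algorithm 1 (RSA) */
    if (body < 6 || body + 3 > len || pkt[3] != 4 || pkt[8] != 1) return -1;
    size_t pos = 9, end = body + 3;
    strcpy(out, "(public-key (rsa (n ");
    if (mpi_to_hex(pkt, end, &pos, out, outsz)) return -1;
    strcat(out, ") (e ");
    if (mpi_to_hex(pkt, end, &pos, out, outsz)) return -1;
    strcat(out, ")))");
    return 0;
}

int main(void)
{
    char sexp[128];
    if (pgp_rsa_key_to_sexp(SAMPLE_KEY, sizeof SAMPLE_KEY, sexp, sizeof sexp)) return 1;
    puts(sexp);
    return 0;
}
```

An exported key holds further packets (user ID, self-signatures, subkeys) after this one; the function reads only the first packet.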
Re: Digital Signature Verification
On Thu, 7 Apr 2022 15:26, Vishal Rana said:

> Please suggest to me how to proceed.

Most GnuPG tools feature a debug option

--debug mpi
--debug crypto

which shows you lots of debug info. For example the raw RSA parameters.
Use "--debug help" to see all debug classes. But always remember that
these are debug options and the output is not a stable API in any way.


Shalom-Salam,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
Re: Digital Signature Verification
Hi Team,

Thank you Shalom, above suggestion is working.
But Digital signature verify is still not working.

- I am signing the image using *gnupg* on the server side using "--detach-sign"
and getting an "image.sig" file.
- I am trying to verify it on another machine using libgcrypt. On the
verification side I have "image.bin", "image.sig" and "PublicKey".
I am applying a hashing function on "image.bin" at the verification side to get
MsgDigest_of_RxMsg.
I am passing arguments to _gcry_pk_verify ( "Rx_image.sig",
MsgDigest_of_RxMsg , Public_key).

Please suggest if I am missing any step, like any conversion or
decoding that is required for "image.sig" before passing it to
_gcry_pk_verify ().


Regards,
Vishal Rana.






Re: Digital Signature Verification
Hi Team,

The verify API in libgcrypt expects all arguments in the gcry_sexp_t data type.

gcry_error_t gcry_pk_verify (gcry_sexp_t sig, gcry_sexp_t data, gcry_sexp_t pkey).

But my received signed image is some unreadable "--detach-sign" file.
How can I convert a received signed image to gcry_sexp_t? Please
suggest.

Regards,
Vishal Rana



Re: Digital Signature Verification
On Fri, 8 Apr 2022 14:07, Vishal Rana said:

> But my received signed image is some unreadable "--detach-sign" file .
> How I am able to make a received signed image to * gcry_sexp_t *please
> suggest*.*

See gnupg/g10/parse-packet.c
and gnupg/g10/pkglue.c

and please do yourself a favor and start with a simpler project than
implementing OpenPGP.


Salam-Shalom,

Werner


Re: Digital Signature Verification
Hi Team,

Digital signature verification is failing. Getting "*Bad signature*" error.
How to debug this??

Having some observations.
*scenario 1*: Using 2 machines.
1 for signing message file. using ($ gpg --version gpg (GnuPG) 2.2.19
libgcrypt 1.8.5 ).
another machine for sign verification with (libgcrypt 1.8.5.)
Getting "*Bad signature*" error for gcry_pk_verify (gcry_sexp_t sig, gcry_sexp_t data, gcry_sexp_t pkey).

*scenario 2:* Using 1 machine only for signing and verification with
(libgcrypt 1.8.5.).
Getting "* Signature Verified*". Success.

In both scenarios I am using the same "message file", same set of RSA
"private/public keys" and same sha512 hash.
But the observation is that the generated signature "image.sig" files in both
scenarios are different, meaning the hexdump of image.sig in both scenarios is different.

Please suggest how to test or debug this.

Regards,
Vishal Rana.

Re: Digital Signature Verification
On Tue, 19 Apr 2022 15:52, Vishal Rana said:

> Digital signature verification is failing. Getting "*Bad signature*" error.
> How to debug this??

gpg --debug hashing --verify ..

Creates files with the actual hashed data - compare them to those created
by the signing process.

> But observation is generated signature,"image.sig" files on both scenarios
> are different. means hexdump for image.sig in both scenario is different.

Sure they are. Please read up on digital signature algorithms. See also
this status code we emit:

*** SIG_ID <radix64_string> <sig_creation_date> <sig-timestamp>
This is emitted only for signatures of class 0 or 1 which have
been verified okay. The string is a signature id and may be used
in applications to detect replay attacks of signed messages. Note
that only DLP algorithms give unique ids - others may yield
duplicated ones when they have been created in the same second.

Note, that SIG-TIMESTAMP may either be a number of seconds since
Epoch or an ISO 8601 string which can be detected by the presence
of the letter 'T'.


Salam-Shalom,

Werner


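Added example, not part of the thread and not GnuPG's code: per RFC 4880 section 5.2.4, a v4 signature is computed over the file contents followed by the signature packet's own header fields, its hashed subpackets and a six-octet trailer, so a digest of `image.bin` alone is not the value that was signed. The parser below extracts those extra octets and locates the RSA value s inside the .sig file; the names `pgp_sig_parse` and `pgp_sig_info` and the sample packet are constructed for illustration, and only an old-format (0x89) binary-document RSA signature is accepted.

```c
#include <stdio.h>
#include <string.h>
/* Constructed sample, not a real signature: 0x89 header, v4, type 0x00, RSA,
   SHA-512, 6 hashed and 10 unhashed subpacket octets, left16, 16-bit MPI. */
static const unsigned char SAMPLE_SIG[] = {
    0x89, 0x00, 0x1E, 0x04, 0x00, 0x01, 0x0A, 0x00, 0x06, 0x05, 0x02,
    0x62, 0x4C, 0x08, 0x47, 0x00, 0x0A, 0x09, 0x10, 0x11, 0x22, 0x33,
    0x44, 0x55, 0x66, 0x77, 0x88, 0xAB, 0xCD, 0x00, 0x10, 0xC5, 0x3F };

struct pgp_sig_info {
    unsigned char hash_algo;     /* RFC 4880 9.4: 8 = SHA-256, 10 = SHA-512 */
    unsigned char left16[2];     /* first two octets of the expected digest */
    unsigned char suffix[512];   /* octets hashed after the file contents */
    size_t suffix_len, s_off, s_len;  /* RSA value s is pkt[s_off .. s_off+s_len) */
};

/* Parse a binary v4 RSA signature packet over a binary document.
   Returns 0 on success, -1 on anything unexpected or truncated. */
int pgp_sig_parse(const unsigned char *pkt, size_t len, struct pgp_sig_info *si)
{
    if (len < 9 || pkt[0] != 0x89) return -1;    /* old format, tag 2 */
    size_t body = ((size_t)pkt[1] << 8) | pkt[2];
    const unsigned char *b = pkt + 3;
    if (body + 3 > len || b[0] != 4 || b[1] != 0x00 || b[2] != 1) return -1;
    size_t hashed = 6 + (((size_t)b[4] << 8) | b[5]);  /* header + hashed subpkts */
    if (hashed + 2 > body || hashed + 6 > sizeof si->suffix) return -1;
    size_t pos = hashed + 2 + (((size_t)b[hashed] << 8) | b[hashed + 1]);
    if (pos + 4 > body) return -1;               /* left16 + MPI bit count */
    si->s_len = ((((size_t)b[pos + 2] << 8) | b[pos + 3]) + 7) / 8;
    if (pos + 4 + si->s_len > body) return -1;
    si->s_off = 3 + pos + 4;
    si->hash_algo = b[3];
    memcpy(si->left16, b + pos, 2);
    memcpy(si->suffix, b, hashed);               /* version .. hashed subpackets */
    unsigned char trailer[6] = { 0x04, 0xFF, 0, 0,
        (unsigned char)(hashed >> 8), (unsigned char)hashed };
    memcpy(si->suffix + hashed, trailer, 6);     /* final v4 trailer */
    si->suffix_len = hashed + 6;
    return 0;
}

int main(void)
{
    struct pgp_sig_info si;
    if (pgp_sig_parse(SAMPLE_SIG, sizeof SAMPLE_SIG, &si)) return 1;
    printf("hash algo %u, %zu suffix octets, s at offset %zu\n",
           si.hash_algo, si.suffix_len, si.s_off);
    return 0;
}
```

Hash the file contents followed by `suffix` with the indicated algorithm and compare the first two digest octets with `left16` before attempting the RSA check. The creation-time subpacket sits inside the hashed octets, which is one reason two signatures over the same file differ.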
Re: Digital Signature Verification
Thank you very much for the valuable reply, I'll check them out.

Regards,
Vishal Rana
