PGP message format documentation needed

Paul Rubin

Jul 26, 2002, 4:24:14 AM
Is there any more recent documentation of PGP message format than RFC
2440? E.g., was 2440 superseded by a later RFC?

I'm trying to read RFC 2440 and some parts of it are not very clear,
and some parts may need updating.

Examples:

1. Packet lengths are 4 bytes long, i.e. 4 gigabyte maximum (or 2 GB?
Is it signed or unsigned?). So if you want to encrypt a 100 GB hard
disk backup, are you stuck? Or can you divide the file into 25
"partial packets"?

2. Section 5.1 says there's a 1-byte number specifying the public key
algorithm. It mentions the RSA and El-Gamal algorithms but doesn't
say what values of the 1-byte number correspond to those algorithms.

There might be more issues like this but I stopped reading RFC2440
at this point.

I guess I can find these things out by examining the C source code but
I first thought I'd ask if there's a more recent document.

Thanks.

disa...@saiknes.lv.no.spam.net

Jul 26, 2002, 4:42:25 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Paul Rubin wrote:
>
> Is there any more recent documentation of PGP message format than RFC
> 2440? E.g., was 2440 superseded by a later RFC?

no, but there is a draft:
http://www.imc.org/draft-ietf-openpgp-rfc2440bis

> I'm trying to read RFC 2440 and some parts of it are not very clear,
> and some parts may need updating.
>
> Examples:
>
> 1. Packet lengths are 4 bytes long, i.e. 4 gigabyte maximum (or 2 GB?
> Is it signed or unsigned?). So if you want to encrypt a 100 GB hard
> disk backup, are you stuck? Or can you divide the file into 25
> "partial packets"?

you'll need at least 100 partial packets,
max size of partial packet is 1GB,
see section 4.2.2.4.

> 2. Section 5.1 says there's a 1-byte number specifying the public key
> algorithm. It mentions the RSA and El-Gamal algorithms but doesn't
> say what values of the 1-byte number correspond to those algorithms.

section 9.1 says it.

> There might be more issues like this but I stopped reading RFC2440
> at this point.
>
> I guess I can find these things out by examining the C source code but
> I first thought I'd ask if there's a more recent document.
> Thanks.

__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPUDvTjBaTVEuJQxkEQN94ACgiGFxLiHTELM/SFTwWj31WPef/iwAoPKp
Xv8EKfsEYLv2zwT7wGMCCcqZ
=ZBeG
-----END PGP SIGNATURE-----
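
Added example, not part of any post in this thread: a Python sketch of the new-format packet length headers from RFC 2440 section 4.2.2, including the partial body lengths of section 4.2.2.4, showing that the four-octet length is an unsigned big-endian value and how a 100 GiB body splits into chunks. The function names are this example's own, and old-format headers (section 4.2.1) are not handled.

```python
import struct

MAX_PARTIAL = 1 << 30  # largest partial chunk: 2**30 octets

def decode_length(buf, pos=0):
    """Decode one new-format length header; return (length, header_size, is_partial)."""
    if pos >= len(buf):
        raise ValueError("truncated length header")
    first = buf[pos]
    if first < 192:                               # one octet: 0..191
        return first, 1, False
    if first < 224:                               # two octets: 192..8383
        if pos + 2 > len(buf):
            raise ValueError("truncated two-octet length")
        return ((first - 192) << 8) + buf[pos + 1] + 192, 2, False
    if first < 255:                               # partial: 2**(first & 0x1F)
        return 1 << (first & 0x1F), 1, True
    if pos + 5 > len(buf):                        # 0xFF, then a 4-octet scalar
        raise ValueError("truncated five-octet length")
    return struct.unpack_from(">I", buf, pos + 1)[0], 5, False  # unsigned

def encode_length(n):
    """Encode a definite (non-partial) body length in the shortest form."""
    if not 0 <= n <= 0xFFFFFFFF:
        raise ValueError("length does not fit a definite-length header")
    if n < 192:
        return bytes([n])
    if n < 8384:
        return bytes([192 + ((n - 192) >> 8), (n - 192) & 0xFF])
    return b"\xff" + struct.pack(">I", n)

def plan_chunks(total):
    """Headers for a body of `total` octets: partial chunks, then one definite chunk."""
    plan = []
    while total > MAX_PARTIAL:
        plan.append((bytes([224 + 30]), MAX_PARTIAL))
        total -= MAX_PARTIAL
    plan.append((encode_length(total), total))    # the last header is never partial
    return plan

def read_body(buf, pos=0):
    """Reassemble a possibly chunked body that starts at a length header."""
    out = bytearray()
    while True:
        n, hdr, partial = decode_length(buf, pos)
        pos += hdr
        if pos + n > len(buf):
            raise ValueError("chunk runs past end of input")
        out += buf[pos:pos + n]
        pos += n
        if not partial:
            return bytes(out), pos
```

For a body of 100 * 2**30 octets, `plan_chunks` returns 99 partial headers (`0xFE`) followed by one five-octet definite-length header.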

Thomas J. Boschloo

Jul 26, 2002, 4:47:11 PM
disa...@saiknes.lv.NO.SPaM.NET wrote:

> Paul Rubin wrote:
> >
> > Is there any more recent documentation of PGP message format than RFC
> > 2440? E.g., was 2440 superseded by a later RFC?
>
> no, but there is a draft:
> http://www.imc.org/draft-ietf-openpgp-rfc2440bis

<http://search.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-05.txt>
seems more current. And I would also check <www.openpgp.org> because
they make the specs. At first glance I see NAI and Wave Systems
something, aren't they supposed to be evil?? (Wave somehow reminds me of
Palladium and DRM, but I could be confusing myself).

Greetz,
Thomas
--
Alec Empire: "Anything worth having is worth fighting for"
My boring homepage <http://home.hccnet.nl/t.j.boschloo/>

Paul Rubin

Jul 26, 2002, 5:21:35 PM
"Thomas J. Boschloo" <nos...@hccnet.nl.invalid> writes:
> > > Is there any more recent documentation of PGP message format than RFC
> > > 2440? E.g., was 2440 superseded by a later RFC?
> >
> > no, but there is a draft:
> > http://www.imc.org/draft-ietf-openpgp-rfc2440bis
>
> <http://search.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-05.txt>
> seems more current. And I would also check <www.openpgp.org> because
> they make the specs. At first glance I see NAI and Wave Systems
> something, aren't they supposed to be evil?? (Wave somehow reminds me of
> Palladium and DRM, but I could be confusing myself).

Thanks. Section 9 had the stuff I wanted. There should have been a
pointer in section 4, so it was just poor editing, not that big a deal.

disa...@saiknes.lv.no.spam.net

Jul 29, 2002, 2:36:20 AM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

"Thomas J. Boschloo" wrote:

> Thomas

:-D
they are the same ;->

__
Disastry http://disastry.dhs.org/
http://disastry.dhs.org/pgp <----PGP plugins for Netscape and MDaemon
^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1

iQA/AwUBPUTGOjBaTVEuJQxkEQP4ZwCgkaKcH0wIVRj63XTRHx30tYzCqicAoKIq
7bEdbcn/ZZ4hRIAuPa/slaEQ
=qPqT
-----END PGP SIGNATURE-----
