Als ich kürzlich noch mal meinen unverschlüsselten RSA3072-Test-
und Analyse-Key ausgegraben habe, stellte ich fest, daß dort im
secret key eine checksum angegeben ist.
| t20$ gpg --show-key rsa-testkeygpg.gpg
| sec rsa3072 2021-09-14 [SC] [expired: 2021-09-30]
| 2C1018709195D978A9F2D5FE16B218085F19B4DA
| uid Marcel Logen (RSA-Testkey) <
33320000...@ybtra.de>
|
| t20$
| t20$ gpg --list-packets rsa-testkeygpg.gpg
| # off=0 ctb=95 tag=5 hlen=3 plen=1368
| :secret key packet:
| version 4, algo 1, created 1631615616, expires 0
| pkey[0]: [3072 bits]
| pkey[1]: [17 bits]
| skey[2]: [3068 bits]
| skey[3]: [1536 bits]
| skey[4]: [1536 bits]
| skey[5]: [1535 bits]
| checksum: e692
^^^^^^^^^^^^^^
| keyid: 16B218085F19B4DA
| # off=1371 ctb=b4 tag=13 hlen=2 plen=55
| :user ID packet: "Marcel Logen (RSA-Testkey) <
33320000...@ybtra.de>"
| # off=1428 ctb=89 tag=2 hlen=3 plen=468
| :signature packet: algo 1, keyid 16B218085F19B4DA
| version 4, created 1631615616, md5len 0, sigclass 0x13
| digest algo 8, begin of digest 75 c4
| hashed subpkt 33 len 21 (issuer fpr v4 2C1018709195D978A9F2D5FE16B218085F19B4DA)
| hashed subpkt 2 len 4 (sig created 2021-09-14)
| hashed subpkt 27 len 1 (key flags: 03)
| hashed subpkt 9 len 4 (key expires after 16d0h0m)
| hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 2)
| hashed subpkt 21 len 5 (pref-hash-algos: 10 9 8 11 2)
| hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
| hashed subpkt 30 len 1 (features: 01)
| hashed subpkt 23 len 1 (keyserver preferences: 80)
| subpkt 16 len 8 (issuer key ID 16B218085F19B4DA)
| data: [3072 bits]
| t20$
Oder, mit den public und secret Key-Daten:
| t20$ gpg --verbose --list-packets rsa-testkeygpg.gpg | head -n 13 | sed -e 's/^\(.\{90\}\).*\(.\{8\}\)$/\1[...]\2/'
| # off=0 ctb=95 tag=5 hlen=3 plen=1368
| :secret key packet:
| version 4, algo 1, created 1631615616, expires 0
| pkey[0]: C0B4122C2CEDB60A44822B8073A0DC2170754A32869B0C50610AF68FE48CD43F0F7B2497CEE8FACE[...]760B16A9
| pkey[1]: 010001
| skey[2]: 0AD9D8F01DDE36284BDA9C97D0C057C4EB9A89D6B5D7ADE62A20BE3E34B0C2BED8F5FBDB2F2E7FF8[...]32803455
| skey[3]: D4CE8501AF0ABFE60A82B15E4F6DC17E15B6CF3BD5A5B68E796FCE396DDF6B6CA614277BBF4C8EF5[...]892F802B
| skey[4]: E7D0FAA5E681C4C17140B2610C1ECB789561EF9DB1892708F389B86057640398342F8FB2ABF2790D[...]DA66867B
| skey[5]: 4D0217CBF1629164C735BECAAE706487CAFB323AAAFE3D15B1D60311ABA7432669949493DA0684E5[...]000409DA
| checksum: e692
| keyid: 16B218085F19B4DA
| # off=1371 ctb=b4 tag=13 hlen=2 plen=55
| :user ID packet: "Marcel Logen (RSA-Testkey) <
33320000...@ybtra.de>"
| t20$
Hier die Rohdaten (Signatur abgeschnitten) als Hexdump:
| 00000000 95 05 58 04 61 40 7A 80 01 0C 00 C0 B4 12 2C 2C |..X.a@z.......,,|
| 00000016 ED B6 0A 44 82 2B 80 73 A0 DC 21 70 75 4A 32 86 |...D.+.s..!puJ2.|
| 00000032 9B 0C 50 61 0A F6 8F E4 8C D4 3F 0F 7B 24 97 CE |..Pa......?.{$..|
| 00000048 E8 FA CE 63 41 11 B3 16 B6 89 7D E5 A9 07 80 67 |...cA.....}....g|
| 00000064 F1 D4 D6 56 E2 F5 46 2D 81 D9 28 E7 8C 71 8E 0A |...V..F-..(..q..|
| 00000080 49 9D 6A F8 01 81 85 2B FD D9 C7 0A FC F1 92 1F |I.j....+........|
| 00000096 CD 21 C3 B2 42 48 DA 0A 33 13 30 2C D1 80 9D 50 |.!..BH..3.0,...P|
| 00000112 DF D2 2F 19 09 19 BF 2A 73 30 EF CE 90 68 33 0F |../....*s0...h3.|
| 00000128 16 49 FF 4D 6A 46 9B 8D F4 55 C8 37 6D 42 95 3A |.I.MjF...U.7mB.:|
| 00000144 27 A0 A1 B1 5B F3 81 C2 63 FA F3 65 52 C0 FD CD |'...[...c..eR...|
| 00000160 66 E8 49 94 11 3C 13 3F FC 62 A4 82 A3 51 5C 15 |f.I..<.?.b...Q\.|
| 00000176 44 F5 A5 61 C4 C9 90 83 B8 E1 9C D4 C0 8D 57 D7 |D..a..........W.|
| 00000192 05 E7 65 AD D0 10 05 BA 5C BF D7 3F 65 7D 83 C5 |..e.....\..?e}..|
| 00000208 DB F2 05 C8 7B B5 AE 59 63 2D D0 C2 CC 2F 00 34 |....{..Yc-.../.4|
| 00000224 55 A2 AF 7D 60 B0 BB A7 7B 12 95 BC 26 A8 37 04 |U..}`...{...&.7.|
| 00000240 63 82 2F 42 9A A4 68 D0 7C 52 6D 67 22 09 5B 4C |c./B..h.|Rmg".[L|
| 00000256 AF 75 25 32 72 A1 AB 2C FF 1C 48 83 BB BE 72 83 |.u%2r..,..H...r.|
| 00000272 A8 31 CD 07 AF FF 77 25 A1 EE 4C 7C 4F C7 DF 35 |.1....w%..L|O..5|
| 00000288 7E F3 9B 1A 39 A2 15 B3 FC 4A 42 B6 7F 17 46 60 |~...9....JB...F`|
| 00000304 31 B3 22 D3 D4 1B 29 C4 DA 39 95 02 4F 48 2D 3B |1."...)..9..OH-;|
| 00000320 0D 23 8A 2A 01 2F 10 99 C1 BB C8 D3 85 87 F9 3A |.#.*./.........:|
| 00000336 2A 48 8A 6F EA 92 82 86 6E E2 A1 8C E3 EA A2 AA |*H.o....n.......|
| 00000352 DB C6 7E 3E 1E A2 0E FA A9 6E C2 CD B2 3A AA 68 |..~>.....n...:.h|
| 00000368 6A 70 E2 B0 10 E0 C9 FF BF C4 CA 13 B4 C1 EF 26 |jp.............&|
| 00000384 DC 4B D7 3C 51 93 EB 76 0B 16 A9 00 11 01 00 01 |.K.<Q..v........|
| 00000400 00 0B FC 0A D9 D8 F0 1D DE 36 28 4B DA 9C 97 D0 |.........6(K....|
^^ = secret key ist unverschlüsselt
| 00000416 C0 57 C4 EB 9A 89 D6 B5 D7 AD E6 2A 20 BE 3E 34 |.W.........* .>4|
| 00000432 B0 C2 BE D8 F5 FB DB 2F 2E 7F F8 F6 83 D2 7A FD |......./......z.|
| 00000448 7B 6D 30 91 54 66 F4 BC 65 AA 06 21 17 09 ED 58 |{m0.Tf..e..!...X|
| 00000464 0B 53 6E C7 38 69 A8 85 91 C6 F3 20 0B 4D AA 1C |.Sn.8i..... .M..|
| 00000480 63 B5 F5 F6 FB 6E A0 3B 79 87 3E 32 CA 78 0F 0C |c....n.;y.>2.x..|
| 00000496 65 FB 32 F4 ED C8 75 3D F9 97 27 49 C7 46 68 DF |e.2...u=..'I.Fh.|
| 00000512 A6 0E DF B7 5C FA FB C2 62 0F 41 4E 05 A9 A6 2C |....\...b.AN...,|
| 00000528 0F 27 1E C2 BD 91 F3 3F 36 BE 07 D2 29 E0 58 B2 |.'.....?6...).X.|
| 00000544 83 D8 BC B3 3C 3E B1 21 4B 7B 27 06 D7 15 9A 96 |....<>.!K{'.....|
| 00000560 8E CA AB 2D 79 59 7A 7A EE CA CF 9E 3A C0 DD 8A |...-yYzz....:...|
| 00000576 07 F3 6F 01 02 90 08 48 8B AF 8F A7 D8 40 74 0C |..o....H.....@t.|
| 00000592 C8 C3 90 97 F0 38 2E EE EA CF 63 70 F9 D6 BB 43 |.....8....cp...C|
| 00000608 6B 3E 31 7F 06 29 4E DE E4 80 FD 58 3C 71 95 E8 |k>1..)N....X<q..|
| 00000624 DC 18 87 6F 00 CD 71 1E 2B D1 FE B3 1A 4F 46 53 |...o..q.+....OFS|
| 00000640 05 1A A4 9F 0C 7B AF AC 47 02 75 6A A1 D6 3B 58 |.....{..G.uj..;X|
| 00000656 07 FA 4B BF BE DD F0 BC 85 CA 16 B4 25 09 9F F9 |..K.........%...|
| 00000672 65 63 48 27 F9 28 06 6B 3A A4 5C 5C C0 F0 F6 2E |ecH'.(.k:.\\....|
| 00000688 B8 5B C0 E9 A0 AD 04 4C B2 33 B0 AE E2 73 A1 97 |.[.....L.3...s..|
| 00000704 50 7C DB 67 E4 B7 EA 40 D2 EB D1 4A 78 B2 B0 2B |P|.g...@...Jx..+|
| 00000720 05 F5 1C 84 88 A0 65 E2 BE 6B 5F D6 66 8F E7 E9 |......e..k_.f...|
| 00000736 E9 3D B7 9A D9 02 D5 E9 15 92 62 95 50 EA FC 1C |.=........b.P...|
| 00000752 C1 89 E5 2A 9A AE DB B9 05 68 DC 2D 2F E9 EB 80 |...*.....h.-/...|
| 00000768 2B AB F6 8A 66 A7 42 1B 7F BD C1 C6 96 33 9A 32 |+...f.B......3.2|
| 00000784 80 34 55 06 00 D4 CE 85 01 AF 0A BF E6 0A 82 B1 |.4U.............|
| 00000800 5E 4F 6D C1 7E 15 B6 CF 3B D5 A5 B6 8E 79 6F CE |^Om.~...;....yo.|
| 00000816 39 6D DF 6B 6C A6 14 27 7B BF 4C 8E F5 4A 6F 46 |9m.kl..'{.L..JoF|
| 00000832 55 58 D6 34 F4 2B ED A6 3A 50 AC 8A C3 B2 F5 46 |UX.4.+..:P.....F|
| 00000848 32 64 15 31 A2 AA 0A B5 2A D9 46 40 B5 B6 B3 C7 |2d.1....*.F@....|
| 00000864 88 92 90 E1 4A 35 50 6D B6 41 C1 75 8C CD 9C B1 |....J5Pm.A.u....|
| 00000880 90 EA BB CD 1D 49 AB EC 8F 05 F7 ED D4 13 A2 DE |.....I..........|
| 00000896 8F 54 FE BC FB 41 61 2E 46 59 A2 89 E2 FA F0 1C |.T...Aa.FY......|
| 00000912 D6 6B 31 CA 64 15 6B F3 90 79 15 31 0E 4B 86 C4 |.k1.d.k..y.1.K..|
| 00000928 77 77 44 C5 9C 6E 43 4E 44 D1 C0 50 61 D0 70 1D |wwD..nCND..Pa.p.|
| 00000944 D4 57 57 B8 62 09 B4 2F 34 E7 90 83 E6 EF 27 66 |.WW.b../4.....'f|
| 00000960 AD B4 65 D8 3A 0D D2 BE 80 1F 98 D7 FD A9 91 11 |..e.:...........|
| 00000976 08 89 2F 80 2B 06 00 E7 D0 FA A5 E6 81 C4 C1 71 |../.+..........q|
| 00000992 40 B2 61 0C 1E CB 78 95 61 EF 9D B1 89 27 08 F3 |@.a...x.a....'..|
| 00001008 89 B8 60 57 64 03 98 34 2F 8F B2 AB F2 79 0D 5B |..`Wd..4/....y.[|
| 00001024 81 D8 A1 FA E4 21 EE AC 74 C8 07 63 A6 53 08 00 |.....!..t..c.S..|
| 00001040 FC 97 94 8F 9D 55 02 FD 24 B2 D3 5E 5C C4 14 EB |.....U..$..^\...|
| 00001056 1F 03 1D F9 E5 0B CA B7 90 61 FB 67 83 E5 AB FE |.........a.g....|
| 00001072 51 AB 53 1D A9 4C 3E 8E 97 2F A4 AA 5C 26 D3 C9 |Q.S..L>../..\&..|
| 00001088 57 02 01 62 ED 06 8A 1D C9 0C 2B 22 D2 14 5A C9 |W..b......+"..Z.|
| 00001104 76 80 B8 74 C1 A6 29 BB A3 8A 03 AB F3 11 A3 D6 |v..t..).........|
| 00001120 6F 9F 70 83 BE 09 71 F2 1E 43 3B 25 32 40 6E 42 |o.p...q..C;%2@nB|
| 00001136 91 62 18 C1 C6 1D F7 EF 73 AA 38 41 F2 3C 9A 66 |.b......s.8A.<.f|
| 00001152 84 1E 8F 1E 86 A8 A2 5B 96 8F E1 11 2B BB B4 75 |.......[....+..u|
| 00001168 98 49 53 DA 66 86 7B 05 FF 4D 02 17 CB F1 62 91 |.IS.f.{..M....b.|
| 00001184 64 C7 35 BE CA AE 70 64 87 CA FB 32 3A AA FE 3D |d.5...pd...2:..=|
| 00001200 15 B1 D6 03 11 AB A7 43 26 69 94 94 93 DA 06 84 |.......C&i......|
| 00001216 E5 AC 20 C4 FE 0A 98 9F 2D E7 60 CF 7E 4F A5 EE |.. .....-.`.~O..|
| 00001232 15 D1 35 13 E7 44 4A 62 F3 3D EA AF 80 78 2E 15 |..5..DJb.=...x..|
| 00001248 43 97 8B 56 CE 0F FC C6 F8 DE 40 C0 9C 51 BE 71 |C..V......@..Q.q|
| 00001264 8F 84 A8 A2 4B 63 93 2C A9 20 16 44 EA 37 C8 8B |....Kc.,. .D.7..|
| 00001280 EF A7 4C 15 0B 50 3B C8 3D 19 1B 20 40 41 8A 4B |..L..P;.=.. @A.K|
| 00001296 7E C6 99 4C 74 CA 8C D7 02 5B DC C0 08 81 C0 0B |~..Lt....[......|
| 00001312 82 6C 19 45 8C EC F2 E2 14 D9 74 23 6E 48 B5 D1 |.l.E......t#nH..|
| 00001328 7A 68 18 35 48 E8 F7 26 BB E4 48 71 AC 6A 97 8B |zh.5H..&..Hq.j..|
| 00001344 08 D7 63 F9 6C 09 8A 8D A8 DF 2F 72 21 05 23 8A |..c.l...../r!.#.|
| 00001360 EB 5D 13 1D 8C 00 04 09 DA E6 92 B4 37 4D 61 72 |.]..........7Mar|
^^^^^ checksum
| 00001376 63 65 6C 20 4C 6F 67 65 6E 20 28 52 53 41 2D 54 |cel Logen (RSA-T|
| 00001392 65 73 74 6B 65 79 29 20 3C 33 33 33 32 30 30 30 |estkey) <3332000|
| 00001408 30 37 31 31 30 2D 30 32 30 31 40 79 62 74 72 61 |07110-0201@ybtra|
| 00001424 2E 64 65 3E 89 01 D4 04 13 01 08 00 3E 16 21 04 |.de>........>.!.|
[...]
Frage natürlich: Wie berechnet sich die checksum?
Der aktuelle OpenPGP-Draft sagt dazu:
<
https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-crypto-refresh-05#section-5.5.3>
| * If the string-to-key usage octet is zero, then a two-octet
| checksum of the algorithm-specific portion (sum of all octets, mod
| 65536).
Meine Erkenntnis: Hier dürfen nur die secret Daten berücksichtigt
werden, obwohl weiter oben im Draft steht:
| 5.5.3. Secret-Key Packet Formats
|
| The Secret-Key and Secret-Subkey packets contain all the data of the
| Public-Key and Public-Subkey packets, with additional algorithm-
| specific secret-key data appended, usually in encrypted form.
|
| The packet contains:
|
| * The fields of a Public-Key or Public-Subkey packet, as described
| above.
|
| * One octet indicating string-to-key usage conventions. Zero
| indicates that the secret-key data is not encrypted. 255, 254, or
[...]
Demnach sollten die public Anteile auch in der checksum Berück-
sichtigung finden, oder nicht?
Wie dem auch sei: Es werden (von GnuPG) nur die Oktetts des secret
Anteils summiert (wobei auch die Längenangaben der MPI - multipre-
cision integers - mit erfaßt werden müssen).
| t20$ head -n 20 rsa-testkeygpg-fuer-checksum-e692.3
| 0B
| FC
| 0A
| D9
| D8
| F0
| 1D
| DE
| 36
| 28
| 4B
| DA
| 9C
| 97
| D0
| C0
| 57
| C4
| EB
| 9A
| t20$ tail -n 20 rsa-testkeygpg-fuer-checksum-e692.3
| 09
| 8A
| 8D
| A8
| DF
| 2F
| 72
| 21
| 05
| 23
| 8A
| EB
| 5D
| 13
| 1D
| 8C
| 00
| 04
| 09
| DA
| t20$
Berechnung der Oktett-Summe (mit ksh und bc):
| t20$ sumq=0; while read ; do sumq=$(echo 'obase=16;ibase=16;' "$sumq" "+" "$REPLY" |bc) && echo "$REPLY" " " "$sumq" ;done < rsa-testkeygpg-fuer-checksum-e692.3 && echo "$sumq"
| 0B B
| FC 107
| 0A 111
| D9 1EA
| D8 2C2
| F0 3B2
| 1D 3CF
| DE 4AD
| 36 4E3
| 28 50B
| 4B 556
| DA 630
| 9C 6CC
| 97 763
| D0 833
| C0 8F3
| 57 94A
| C4 A0E
| EB AF9
| 9A B93
| 89 C1C
| D6 CF2
| B5 DA7
| D7 E7E
| AD F2B
| E6 1011
| 2A 103B
[...]
| 5D 1E4EF
| 13 1E502
| 1D 1E51F
| 8C 1E5AB
| 00 1E5AB
| 04 1E5AF
| 09 1E5B8
| DA 1E692
| 1E692
| t20$
0x1E692 mod 0x10000 = E692
Das entspricht der von GnuPG angezeigten checksum!
Bezieht man die public Anteile mit ein, kommt eine Summe von 0x2A5C8
(bzw. mod 65536 0xA5CB) heraus.
Marcel 1ee0v (1521695)
--
╭──╮ ╭──╮ ╭─╮ ╭──╮ ╭───╮ ╭───╮ ╭──
───╮ │ ╰─╯ ╰─╯ ╰──╯ ╰───╯ ╰──╮ ╭────╯ │ ╭───╮ │
│ ╰──╮ ╭────────╯ ╭─╯ ╭──╯ │ │ ╭───╯
╰─────╯ ╰──────────╯ ╰───────────╯ ╰───╯ef4ab7