diff options
Diffstat (limited to 'agent/keyformat.txt')
| -rw-r--r-- | agent/keyformat.txt | 163 |
1 files changed, 0 insertions, 163 deletions
diff --git a/agent/keyformat.txt b/agent/keyformat.txt deleted file mode 100644 index 6c0bd8b83..000000000 --- a/agent/keyformat.txt +++ /dev/null @@ -1,163 +0,0 @@ -keyformat.txt (wk 2001-12-18) ------------------------------ - - -Some notes on the format of the secret keys used with gpg-agent. - -Location of keys -================ -The secret keys[1] are stored on a per file basis in a directory below -the ~/.gnupg home directory. This directory is named - - private-keys-v1.d - -and should have permissions 700. - -The secret keys are stored in files with a name matching the -hexadecimal representation of the keygrip[2]. - -Unprotected Private Key Format -============================== -The content of the file is an S-Expression like the ones used with -Libgcrypt. Here is an example of an unprotected file: - -(private-key - (rsa - (n #00e0ce9..[some bytes not shown]..51#) - (e #010001#) - (d #046129F..[some bytes not shown]..81#) - (p #00e861b..[some bytes not shown]..f1#) - (q #00f7a7c..[some bytes not shown]..61#) - (u #304559a..[some bytes not shown]..9b#) - ) - (uri http://foo.bar x-foo:whatever_you_want) -) - -Actually this form should not be used for regular purposes and only -accepted by gpg-agent with the configuration option: ---allow-non-canonical-key-format. The regular way to represent the -keys is in canonical representation[3]: - -(private-key - (rsa - (n #00e0ce9..[some bytes not shown]..51#) - (e #010001#) - (d #046129F..[some bytes not shown]..81#) - (p #00e861b..[some bytes not shown]..f1#) - (q #00f7a7c..[some bytes not shown]..61#) - (u #304559a..[some bytes not shown]..9b#) - ) - (uri http://foo.bar x-foo:whatever_you_want) -) - - -Protected Private Key Format -============================== -A protected key is like this: - -(protected-private-key - (rsa - (n #00e0ce9..[some bytes not shown]..51#) - (e #010001#) - (protected mode (parms) encrypted_octet_string) - ) - (uri http://foo.bar x-foo:whatever_you_want) -) - - -In this scheme the encrypted_octet_string is encrypted according to -the algorithm described after the keyword protected; most protection -algorithms need some parameters, which are given in a list before the -encrypted_octet_string. The result of the decryption process is a -list of the secret key parameters. - -The only available protection mode for now is - - openpgp-s2k3-sha1-aes-cbc - -which describes an algorithm using using AES in CBC mode for -encryption, SHA-1 for integrity protection and the String to Key -algorithm 3 from OpenPGP (rfc2440). - -Example: - -(protected openpgp-s2k3-sha1-aes-cbc - ((sha1 16byte_salt no_of_iterations) 16byte_iv) - encrypted_octet_string -) - -The encrypted_octet string should yield this S-Exp (in canonical -representation) after decryption: - -( - ( - (d #046129F..[some bytes not shown]..81#) - (p #00e861b..[some bytes not shown]..f1#) - (q #00f7a7c..[some bytes not shown]..61#) - (u #304559a..[some bytes not shown]..9b#) - ) - (hash sha1 #...[hashvalue]...#) -) - -For padding reasons, random bytes are appended to this list - they can -easily be stripped by looking for the end of the list. - -The hash is calculated on the concatenation of the public key and -secret key parameter lists: i.e it is required to hash the -concatenation of these 6 canonical encoded lists for RSA, including -the parenthesis and the algorithm keyword. - -(rsa - (n #00e0ce9..[some bytes not shown]..51#) - (e #010001#) - (d #046129F..[some bytes not shown]..81#) - (p #00e861b..[some bytes not shown]..f1#) - (q #00f7a7c..[some bytes not shown]..61#) - (u #304559a..[some bytes not shown]..9b#) -) - -After decryption the hash must be recalculated and compared against -the stored one - If they don't match the integrity of the key is not -given. - - -Shadowed Private Key Format -============================ -To keep track of keys stored on IC cards we use a third format for -private kyes which are called shadow keys as they are only a reference -to keys stored on a token: - -(shadowed-private-key - (rsa - (n #00e0ce9..[some bytes not shown]..51#) - (e #010001#) - (shadowed protocol (info)) - ) - (uri http://foo.bar x-foo:whatever_you_want) -) - -The currently used protocol is "ti-v1" (token info version 1). The -second list with the information has this layout: - -(card_serial_number id_string_of_key) - -More items may be added to the list. - - - - - - -Notes: -====== -[1] I usually use the terms private and secret key exchangeable but prefer the -term secret key because it can be visually be better distinguished -from the term public key. - -[2] The keygrip is a unique identifier for a key pair, it is -independent of any protocol, so that the same key can be ised with -different protocols. PKCS-15 calls this a subjectKeyHash; it can be -calculate using Libgcrypt's gcry_pk_get_keygrip(). - -[3] Even when canonical representation are required we will show the -S-expression here in a more readable representation. |