On Sat, Sep 16, 2006 at 12:35:08PM +1000, James A. Donald wrote: > -- > Peter Gutmann wrote: > > > How does [GPG] handle the NULL vs.optional > > > parameters ambiguity? > > David Shaw: > > GPG generates a new structure for each comparison, so > > just doesn't include any extra parameters on it. Any > > optional parameters on a signature would cause that > > signature to fail validation. > > > > RFC-2440 actually gives the exact bytes to use for the > > ASN.1 stuff, which nicely cuts down on ambiguity. > > This amounts to *not* using ASN.1 - treating the ASN.1 > data as mere arbitrary padding bits, devoid of > information content.
That is correct. OpenPGP passes the hash identification in the OpenPGP data as well as encoded in ASN.1 for the PKCS-1 structure. Since there is another source for the information, it is unnecessary to generate or parse ASN.1. In the case of GPG specifically (other implementations may do the same, but I can't say for sure), all ASN.1 data is hardcoded opaque strings. David --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
