On Wed, 29 May 2002, Greg Wooledge wrote:
> Phil Marlowe ([EMAIL PROTECTED]) wrote:
>
> > I'd like a quick and easy method of deriving the CHK key for a document,
> > other than reading the nodes' response to a successful insert.
>
> The Java is nearly indecipherable to me. But it's got something to do
> with an SHA-1 digest, and a base-64 encoding, and the number 0x0302.
>
> freenet/src/freenet/crypt/SHA1.java gives us some sample test strings
> and their SHA-1 digests. So let's start with:
>
> jekyll$ echo -n abc | openssl dgst -sha1
> a9993e364706816aba3e25717850c26c9cd0d89d
>
> That matches the first test string listed in the SHA1.java source code.
> So far so good. This is a 40-digit hex number, which is 160 bits of
> information.
>
> Now let's insert this key into Freenet:
>
> jekyll:~$ echo -n abc >abc
> jekyll:~$ CLASSPATH=~freenet/freenet-ext.jar:~freenet/freenet.jar java
>freenet.client.cli.Main put --htl 0 CHK@ <abc
> LALA:
> State PREPARED reached.
> State REQUESTING reached.
> Transfer of 26 bytes started.
> 23 bytes transferred.
> Transfer ended with 26 bytes moved.
> Insert URI -
> freenet:CHK@YzHLBuNS4cxy8vi82SbA9rb7BBsKAwI,dliOt6Q1Ih0eILULih-bmQ
> The insert has been accepted; waiting up to 56 seconds for the StoreData
> State DONE reached.
> Document metadata:
>
> Version
> Revision=1
> End
>
> So the question now becomes: how do we convert
> "a9993e364706816aba3e25717850c26c9cd0d89d" into
> "CHK@YzHLBuNS4cxy8vi82SbA9rb7BBsKAwI,dliOt6Q1Ih0eILULih-bmQ"?
>
> The next clue apparently comes from a comment at the top of the source
> file freenet/src/freenet/client/FreenetURI.java; it says:
>
> * freenet:[KeyType@]RoutingKey[,CryptoKey][,n1=v1,n2=v2,...][/docname][//metastring]
>
> So apparently, our CHK is actually constructed of the following pieces:
>
> KeyType: CHK
> RoutingKey: YzHLBuNS4cxy8vi82SbA9rb7BBsKAwI
> CryptoKey: dliOt6Q1Ih0eILULih-bmQ
>
> client/FreenetURI.java also says:
>
> * RoutingKey is the modified Base64 encoded key value.
> * CryptoKey is the modified Base64 encoded decryption key.
>
> So apparently one should be able to base64-decode the RoutingKey and get
> something that contains, possibly among other things, the 160-bit SHA-1
> digest.
>
> Unfortunately, this is where I hit a brick wall. I get this far:
>
> jekyll$ perl -e 'use MIME::Base64; print
>decode_base64("YzHLBuNS4cxy8vi82SbA9rb7BBsKAwI");' | hex
> 0x00000000: 63 31 cb 06 e3 52 e1 cc - 72 f2 f8 bc d9 26 c0 f6 c1.F.R��r����&��
> 0x00000010: b6 fb 04 1b 0a 03 02 - ��D[JCB
>
> I see the magic number "0302" which I also saw in keys/CHK.java -- so that
> seems like a good sign. But I don't see "a9 99 93" anywhere in there.
The routing key != the SHA digest of the data. If I remember correctly,
it's the SHA digest of the encrypted data.
for the 'standard' 160 bit key, Take the data "abc" and do a SHA1 digest
on it. Thats your entropy. Feed that entropy into makeKey,
which does another SHA1 hash on it and returns the digest as the key.
(It's more complex for longer keys. Shorter keys just use the first N
bytes of the 20-byte hash)
Now you've got your encryption key. Yay!
Now, something complex happens in client/ClientCHK.java:encode(). I
THINK what happens is you pad with a rolling SHA-1 hash (using the
entropy above) and then encrypt with the key. That's your encrypted
data.
Take the 160 bit SHA of your encrypted data, and tag on three bytes.
(0x0a0302 I think, but don't quote me on that.) base-64 encode it,
and you have your routing key.
The full CHK is CHK@<routing-key>,<crypto-key>
> I will personally worship you if you make a usable fcptools. Hell,
> I might even attempt to *use* it again!
Try the current version from CVS and give me feedback. Esp. the
--record-file option.
--Dan
_______________________________________________
devl mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
