On Sat, Jul 27, 2002 at 10:04:43AM -0700, [EMAIL PROTECTED] wrote: <> > Please correct me and tell me which of these assumptions are wrong:
I don't remember a lot of this, but mostly I think you are right. I guess we'll find out when it doesn't work. <> > 8. I need a DSAGroup to call DSA.sign(...), freenet.crypt.Global > defines three DSAGroups, but I don't know what are the differences > between them The group is really just part of the public key. Those are three default groups, but I believe we always serialize the group with the public key nowadays anyways, so you can really ignore them. > 9. I need a java.util.Random instance to call DSA.sign(...). Can I > simply create one with new java.util.Random()?. Beware of system PRNGs. There is one in freenet.crypt.Yarrow that should be secure (you may want to feed it some entropy). <> > The only question that would remain if all of my assumption above were > correct is: > > Is there any way to create an instance of DSAPublicKey when I only now > the SSK public key String, which is the public key fingerprint? > Or does the complete public key (which is much longer than the > fingerprint) needs to be published for message verification to work? You need to have the full public key (and group) to verify the signature, it cannot be derived from the fingerprint. It is a two step process: the fingerprint authenticates the public key, and the public key authenicates the data (actually three, since the public key actually authenticates the digest that authenticates the data). Note also that signatures have absolutely no value unless the root of the authenication, in this case the fingerprint, is received from some other source then the message itself. In SSK URIs, the signatures verify that the data you receive is that which your source of the URI intended you to get - I haven't really been paying attention to this discussion, but if these messages are just being broadcast around, what good will the signature do anyone? -- Oskar Sandberg [EMAIL PROTECTED] _______________________________________________ devl mailing list [EMAIL PROTECTED] http://hawk.freenetproject.org/cgi-bin/mailman/listinfo/devl
