>
> I need to find this out, and I should include a description of how to make
> CHk hashes as well.
For KSKs, simply hash with SHA-1 the utf-8 encoded keyword to obtain the
160 bit private key, x. The rest of the procedure is the same as for
svks:
1) Generate the public key: y = g^x mod p
2) (SVK only) If a document-name exists, hash that with SHA-1, add
the storable "Storable.Document-name" with that value.
d=hash(Document name)
3) Hash the document name digest (if its an SVK and its set) and the
bytes of the public key (y) in MPI format (as described in
fncrypto.pdf). This produces the SVK itself.
keyVal = hash(d + y)
Remember, Document-name isn't allowed in KSKs, so this would be just
hash(y).
4) Encrypt the data and generate the hash of the encrypted content.
4a) For SVKs, generate a random key for the chosen cipher.
4b) For KSKs, use the UTF-8 bytes of the keyword as input to the
key generation algorithm in fncrypto.pdf
m = hash(Encrypted Data)
5) Sign the hash with DSA, producing the signature standard's 'r' and 's'
values.
r,s = sign(p,q,g,k,m)
(k is a random nonce, recommended to be between 128 and 256 bits in
length)
5a) For SVK's, it is possible to specify a custom DSA group. If
such a group is present, add the storable "Storable.Group", which
should contain a hex-encoded MPI triplet of the form "p,q,g", where
p, q, and g refer to values in the Digital Signature Standard.
If no such custom group is specified, do not add a storable, but
use DSA Group B, defined in Freenet.crypt.Global. The values are
defined below:
p:
c9381f278f7312c7fffffffffffffffffffffffffffffffff
fffffffa8a6d5db1ab21047302cf6076102e67559e1569484
6e3c7ceb4e18b6c652aedcfb337af057bdc12dcfc452d3ae4
cfc5c3b7586804d4983bd5370db5512cf313e9a2c9c138c60
2901135c4cfbcbe92d29fe744831f63e3273908c4f62f2129
1840350f1e5
q:
c88fa2a0b1e70ba3876a35140fddce3c683706ad
g:
65d3ccb70df16dc08822be40736bf951383f6c03ddfd51c1a
41627fafb2b7f74a1e65ade0ab9f7c189c497cfb6fe6e9e7b
a4160d7fd15bae68bff0e4a96f412e85924bcc89fee431406
13afd124f425f891a2d3022f0a0444692e510fc5310360a21
e3f729ab93f2ad81b0bbe27d86bc65cf385036969ede2473e
6017df36d12
5b) For KSKs, you *must* use DSA Group A, also defined in Global.java.
Its values are below:
p:
b9850e5e9607d50d000000000000000000000000000000000
00000002cdc65f1e9a7dccb571627333dd0520bf0deb206d7
c2937330a7d6e73cec4928b172c7e8ea04cc075d18db1340d
ac2065cbce69c5ff20b4bca2d89d2932204149a3b6811be27
458e7d2518edf9bf4417acb1e79243fe6ae1eac68cef6d655
43c47c1f795
q:
cfabfbd9fa4661010d9d11d0c381bb574da72667
g:
2668d2935bdd27dad0a1f469c69c6f7e7bd5a3ea73adc6bc0
a781c0a276993a0cdbb575635423744dd2e2fbd7e962ac5b4
b79632f030ddef166c53cb002f692e2fd927f17e3e6bd404f
573207557972c630c01e6cc8b37fb348ad2686f4b4e3e681d
9ced93cde9f30a2f17380204274141dce60c6151ef1b7acd0
39ab1227fcd
6) Add the storable "Storable.Signature", which should contain a
hex-encoded MPI tuple of the form "r,s".
7) Append the keytype to the key value calculated in step 3:
key = keyVal + keyNumber
7a) For SVKs, the keynumber is 0x0201
7b) For KSKs, the keynumber is 0x0202
8) Append a single null byte (0x00) to the encrypted data. This serves
as the control-byte "CB_OK" that indicates a valid data packet.
9) Insert the data under the key calculated in step 7, with the
storables accumulated, and the encrypted data. Note that document
encryption should proceed as outlined in the document-encryption
(end-to-end) specs.
----
Ask oskar about the CHK hashes.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL:
<https://emu.freenetproject.org/pipermail/devl/attachments/20000807/f5ed63ea/attachment.pgp>
