Arati:
Hello! Thanks for the analysis of the Kaboodle
partnership file. Three comments:
1. To summarize, the file is "Header + Information of first user +
Information of second user + Signature" where the signature
is taken on everything but itself...correct?
2. What is the default public key length? In the new version,
we should use openssl dsa to key generation (it defaults to
512 bits).
3. What is the key-length of the server's private key, used for
signing files?
Thanks!
-Scott
On Fri, 4 Oct 2002, team wrote:
> Hi Scott,
>
> This is what web script is writing in the partnership file.
> Contents of the partnership file are-
> Header: -
> Signature + version i.e. "EchoFree Partnership File" + "1.00" +
> Information of first user: -
> Partnership file name (First name of user1 + first name user2 + .ecf) +
> User First Name + User Last Name + Email Address +IP Address + length of
> public key + public key +
>
> Information of second user: -
> User First Name + User Last Name + Email Address +IP Address + length of
> public key + public key +
>
> Signed message: -
> Data length of signature + signature (dtSignedDataLen, Header,
> UserData1, length public key of for user1, public key of for user1,
> UserData2, length public key of for user2, public key of for user2)
>
> Note- to sign, web script is using CryptoControl object.
> '+' Sign shows the concatenation of string.
>
> Thanks,
> Arati
>
> ----- Original Message -----
> From: "Sonia Soman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, October 03, 2002 7:03 PM
> Subject: Attn: Arati----Fw: A problem of Partnership file signature (fwd)
>
>
> >
> > ----- Original Message -----
> > From: "Scott C. Best" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, October 02, 2002 6:26 PM
> > Subject: A problem of Partnership file signature (fwd)
> >
> >
> > > Sonia:
> > >
> > > Could you ask Arati: was exactly are the contents
> > > of the Partnership file that the web-scripts create? We may
> > > need to re-design what's put into the files, but I don't
> > > think so...
> > >
> > > -Scott
> > >
> > >
> > > ---------- Forwarded message ----------
> > > Date: Wed, 2 Oct 2002 17:26:49 +0400
> > > From: Igor Kotelevsky <[EMAIL PROTECTED]>
> > > To: Scott C. Best <[EMAIL PROTECTED]>
> > > Subject: A problem of Partnership file signature
> > >
> > > Hello Scott.
> > > I have some problem in the Partnership file generating because of
> > > - I don't familiar with MS Crypto Api very good,
> > > - the Partnership file contains some data (near the middle of the file),
> > > which looks like a signature, but that data don't check both by
> > Kaboodle.exe
> > > or GetEngaged.exe.
> > > Please send me source code (script) of the Website
> > > http://www.getengaged.net/
> > > and/or some additional data about format of Partnership file and
> algorithm
> > > of signature.
> > >
> > > - Igor
> > >
> > > ----- Original Message -----
> > > From: "Scott C. Best" <[EMAIL PROTECTED]>
> > > To: "Igor Kotelevsky" <[EMAIL PROTECTED]>
> > > Cc: <[EMAIL PROTECTED]>
> > > Sent: Wednesday, September 25, 2002 9:36 AM
> > > Subject: Re: 21 Sept bug report
> > >
> > >
> > > > 4. We need a way for users to generate Partnership files without
> > > > going to our servers. Presume that users also have GPG
> > > > installed, and have each other's public keys already. They
> > > > need a way to generate the file via Kaboodle and we need
> > > > a way for Kaboodle to verify the integrity of the file when
> > > > it's received (ie, checking it against their GPG private
> > > > key). We should also add GPG to the Components list.
> > >
> > >
> > >
> > >
> > >
> >
> >
>
>
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Kaboodle-devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/kaboodle-devel
