rfc1991.txt

著名的RFC文档,其中有一些文档是已经翻译成中文的的.

Network Working Group                                          D. Atkins
Request for Comments: 1991                                           MIT
Category: Informational                                     W. Stallings
                                                    Comp-Comm Consulting
                                                           P. Zimmermann
                                            Boulder Software Engineering
                                                             August 1996


                      PGP Message Exchange Formats

Status of This Memo

   This memo provides information for the Internet community.  This memo
   does not specify an Internet standard of any kind.  Distribution of
   this memo is unlimited.

Table of Contents

   1.    Introduction............................................2
   2.    PGP Services............................................2
   2.1   Digital signature.......................................3
   2.2   Confidentiality.........................................3
   2.3   Compression.............................................4
   2.4   Radix-64 conversion.....................................4
   2.4.1 ASCII Armor Formats.....................................5
   3.    Data Element Formats....................................6
   3.1   Byte strings............................................6
   3.2   Whole number fields.....................................7
   3.3   Multiprecision fields...................................7
   3.4   String fields...........................................8
   3.5   Time fields.............................................8
   4.    Common Fields...........................................8
   4.1   Packet structure fields.................................8
   4.2   Number ID fields.......................................10
   4.3   Version fields.........................................10
   5.    Packets................................................10
   5.1   Overview...............................................10
   5.2   General Packet Structure...............................11
   5.2.1 Message component......................................11
   5.2.2 Signature component....................................11
   5.2.3 Session key component..................................11
   6.    PGP Packet Types.......................................12
   6.1   Literal data packets...................................12
   6.2   Signature packets......................................13
   6.2.1 Message-digest-related fields..........................14
   6.2.2 Public-key-related fields..............................15
   6.2.3 RSA signatures.........................................16



Atkins, et. al.              Informational                      [Page 1]

RFC 1991              PGP Message Exchange Formats           August 1996


   6.2.4 Miscellaneous fields...................................16
   6.3   Compressed data packets................................17
   6.4   Conventional-key-encrypted data packets................17
   6.4.1 Conventional-encryption type byte......................18
   6.5   Public-key-encrypted packets...........................18
   6.5.1 RSA-encrypted data encryption key (DEK)................19
   6.6   Public-key Packets.....................................19
   6.7   User ID packets........................................20
   7.    Transferable Public Keys...............................20
   8.    Acknowledgments........................................20
   9.    Security Considerations................................21
   10.   Authors' Addresses.....................................21

1. Introduction

   PGP (Pretty Good Privacy) uses a combination of public-key and
   conventional encryption to provide security services for electronic
   mail messages and data files.  These services include confidentiality
   and digital signature.  PGP is widely used throughout the global
   computer community.  This document describes the format of "PGP
   files", i.e., messages that have been encrypted and/or signed with
   PGP.

   PGP was created by Philip Zimmermann and first released, in Version
   1.0, in 1991. Subsequent versions have been designed and implemented
   by an all-volunteer collaborative effort under the design guidance of
   Philip Zimmermann.  PGP and Pretty Good Privacy are trademarks of
   Philip Zimmermann.

   This document describes versions 2.x of PGP.  Specifically, versions
   2.6 and 2.7 conform to this specification.  Version 2.3 conforms to
   this specification with minor differences.

   A new release of PGP, known as PGP 3.0, is anticipated in 1995. To
   the maximum extent possible, this version will be upwardly compatible
   with version 2.x. At a minimum, PGP 3.0 will be able to read messages
   and signatures produced by version 2.x.

2. PGP Services

   PGP provides four services related to the format of messages and data
   files: digital signature, confidentiality, compression, and radix-64
   conversion.








Atkins, et. al.              Informational                      [Page 2]

RFC 1991              PGP Message Exchange Formats           August 1996


2.1 Digital signature

   The digital signature service involves the use of a hash code, or
   message digest, algorithm, and a public-key encryption algorithm. The
   sequence is as follows:

     -the sender creates a message
     -the sending PGP generates a hash code of the message
     -the sending PGP encrypts the hash code using the sender's private
      key
     -the encrypted hash code is prepended to the message
     -the receiving PGP decrypts the hash code using the sender's public
      key
     -the receiving PGP generates a new hash code for the received
      message and compares it to the decrypted hash code. If the two
      match, the message is accepted as authentic

   Although signatures normally are found attached to the message or
   file that they sign, this is not always the case: detached signatures
   are supported. A detached signature may be stored and transmitted
   separately from the message it signs.  This is useful in several
   contexts. A user may wish to maintain a separate signature log of all
   messages sent or received.  A detached signature of an executable
   program can detect subsequent virus infection. Finally, detached
   signatures can be used when more than one party must sign a document,
   such as a legal contract.  Each person's signature is independent and
   therefore is applied only to the document. Otherwise, signatures
   would have to be nested, with the second signer signing both the
   document and the first signature, and so on.

2.2 Confidentiality

   PGP provides confidentiality by encrypting messages to be transmitted
   or data files to be stored locally using conventional encryption. In
   PGP, each conventional key is used only once. That is, a new key is
   generated as a random 128-bit number for each message. Since it is to
   be used only once, the session key is bound to the message and
   transmitted with it.  To protect the key, it is encrypted with the
   receiver's public key. The sequence is as follows:

     -the sender creates a message
     -the sending PGP generates a random number to be used as a session
      key for this message only
     -the sending PGP encrypts the message using the session key
     -the session key is encrypted using the recipient's public key and
      prepended to the encrypted message
     -the receiving PGP decrypts the session key using the recipient's
      private key



Atkins, et. al.              Informational                      [Page 3]

RFC 1991              PGP Message Exchange Formats           August 1996


     -the receiving PGP decrypts the message using the session key

   Both digital signature and confidentiality services may be applied to
   the same message. First, a signature is generated for the message and
   prepended to the message.  Then, the message plus signature is
   encrypted using a conventional session key. Finally, the session key
   is encrypted using public-key encryption and prepended to the
   encrypted block.

2.3 Compression

   As a default, PGP compresses the message after applying the signature
   but before encryption.

2.4 Radix-64 conversion

   When PGP is used, usually part of the block to be transmitted is
   encrypted. If only the signature service is used, then the message
   digest is encrypted (with the sender's private key). If the
   confidentiality service is used, the message plus signature (if
   present) are encrypted (with a one-time conventional key). Thus, part
   or all of the resulting block consists of a stream of arbitrary 8-bit
   bytes.  However, many electronic mail systems only permit the use of
   blocks consisting of ASCII text. To accommodate this restriction, PGP
   provides the service of converting the raw 8-bit binary stream to a
   stream of printable ASCII characters, called ASCII Armor.

   The scheme used for this purpose is radix-64 conversion. Each group
   of three bytes of binary data is mapped into 4 ASCII characters. This
   format also appends a CRC to detect transmission errors.  This
   radix-64 conversion, also called Ascii Armor, is a wrapper around the
   binary PGP messages, and is used to protect the binary messages
   during transmission over non-binary channels, such as Internet Email.

   The following table defines the mapping.  The characters used are the
   upper- and lower-case letters, the digits 0 through 9, and the
   characters + and /.  The carriage-return and linefeed characters
   aren't used in the conversion, nor is the tab or any other character
   that might be altered by the mail system. The result is a text file
   that is "immune" to the modifications inflicted by mail systems.











Atkins, et. al.              Informational                      [Page 4]

RFC 1991              PGP Message Exchange Formats           August 1996


   6-bit character   6-bit character   6-bit character   6-bit character
   value encoding  value  encoding    value   encoding    value encoding
   0        A        16        Q        32        g        48        w
   1        B        17        R        33        h        49        x
   2        C        18        S        34        i        50        y
   3        D        19        T        35        j        51        z
   4        E        20        U        36        k        52        0
   5        F        21        V        37        l        53        1
   6        G        22        W        38        m        54        2
   7        H        23        X        39        n        55        3
   8        I        24        Y        40        o        56        4
   9        J        25        Z        41        p        57        5
   1        K        26        a        42        q        58        6
   11       L        27        b        43        r        59        7
   12       M        28        c        44        s        60        8
   13       N        29        d        45        t        61        9
   14       O        30        e        46        u        62        +
   15       P        31        f        47        v        63        /
                                                         (pad)       =

   It is possible to use PGP to convert any arbitrary file to ASCII
   Armor.  When this is done, PGP tries to compress the data before it
   is converted to Radix-64.

2.4.1 ASCII Armor Formats

   When PGP encodes data into ASCII Armor, it puts specific headers
   around the data, so PGP can reconstruct the data at a future time.
   PGP tries to inform the user what kind of data is encoded in the
   ASCII armor through the use of the headers.

   ASCII Armor is created by concatenating the following data:

        - An Armor Headerline, appropriate for the type of data
        - Armor Headers
        - A blank line
        - The ASCII-Armored data
        - An Armor Checksum
        - The Armor Tail (which depends on the Armor Headerline).

   An Armor Headerline is composed by taking the appropriate headerline
   text surrounded by five (5) dashes (-) on either side of the
   headerline text.  The headerline text is chosen based upon the type
   of data that is being encoded in Armor, and how it is being encoded.
   Headerline texts include the following strings:

    BEGIN PGP MESSAGE -- used for signed, encrypted, or compressed files
    BEGIN PGP PUBLIC KEY BLOCK -- used for transferring public keys



Atkins, et. al.              Informational                      [Page 5]

RFC 1991              PGP Message Exchange Formats           August 1996


    BEGIN PGP MESSAGE, PART X/Y -- used for multi-part messages, where
                                    the armor is split amongst Y files,
                                    and this is the Xth file out of Y.

   The Armor Headers are pairs of strings that can give the user or the
   receiving PGP program some information about how to decode or use the
   message.  The Armor Headers are a part of the armor, not a part of
   the message, and hence should not be used to convey any important
   information, since they can be changed in transport.