📄 rfc2440.txt
字号:
Network Working Group J. CallasRequest for Comments: 2440 Network AssociatesCategory: Standards Track L. Donnerhacke IN-Root-CA Individual Network e.V. H. Finney Network Associates R. Thayer EIS Corporation November 1998 OpenPGP Message FormatStatus of this Memo This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.Copyright Notice Copyright (C) The Internet Society (1998). All Rights Reserved.IESG Note This document defines many tag values, yet it doesn't describe a mechanism for adding new tags (for new features). Traditionally the Internet Assigned Numbers Authority (IANA) handles the allocation of new values for future expansion and RFCs usually define the procedure to be used by the IANA. However, there are subtle (and not so subtle) interactions that may occur in this protocol between new features and existing features which result in a significant reduction in over all security. Therefore, this document does not define an extension procedure. Instead requests to define new tag values (say for new encryption algorithms for example) should be forwarded to the IESG Security Area Directors for consideration or forwarding to the appropriate IETF Working Group for consideration.Abstract This document is maintained in order to publish all necessary information needed to develop interoperable applications based on the OpenPGP format. It is not a step-by-step cookbook for writing an application. It describes only the format and methods needed to read, check, generate, and write conforming packets crossing any network. It does not deal with storage and implementation questions. It does,Callas, et. al. Standards Track [Page 1]
RFC 2440 OpenPGP Message Format November 1998 however, discuss implementation issues necessary to avoid security flaws. Open-PGP software uses a combination of strong public-key and symmetric cryptography to provide security services for electronic communications and data storage. These services include confidentiality, key management, authentication, and digital signatures. This document specifies the message formats used in OpenPGP.Table of Contents Status of this Memo 1 IESG Note 1 Abstract 1 Table of Contents 2 1. Introduction 4 1.1. Terms 5 2. General functions 5 2.1. Confidentiality via Encryption 5 2.2. Authentication via Digital signature 6 2.3. Compression 7 2.4. Conversion to Radix-64 7 2.5. Signature-Only Applications 7 3. Data Element Formats 7 3.1. Scalar numbers 8 3.2. Multi-Precision Integers 8 3.3. Key IDs 8 3.4. Text 8 3.5. Time fields 9 3.6. String-to-key (S2K) specifiers 9 3.6.1. String-to-key (S2k) specifier types 9 3.6.1.1. Simple S2K 9 3.6.1.2. Salted S2K 10 3.6.1.3. Iterated and Salted S2K 10 3.6.2. String-to-key usage 11 3.6.2.1. Secret key encryption 11 3.6.2.2. Symmetric-key message encryption 11 4. Packet Syntax 12 4.1. Overview 12 4.2. Packet Headers 12 4.2.1. Old-Format Packet Lengths 13 4.2.2. New-Format Packet Lengths 13 4.2.2.1. One-Octet Lengths 14 4.2.2.2. Two-Octet Lengths 14 4.2.2.3. Five-Octet Lengths 14 4.2.2.4. Partial Body Lengths 14 4.2.3. Packet Length Examples 14Callas, et. al. Standards Track [Page 2]
RFC 2440 OpenPGP Message Format November 1998 4.3. Packet Tags 15 5. Packet Types 16 5.1. Public-Key Encrypted Session Key Packets (Tag 1) 16 5.2. Signature Packet (Tag 2) 17 5.2.1. Signature Types 17 5.2.2. Version 3 Signature Packet Format 19 5.2.3. Version 4 Signature Packet Format 21 5.2.3.1. Signature Subpacket Specification 22 5.2.3.2. Signature Subpacket Types 24 5.2.3.3. Signature creation time 25 5.2.3.4. Issuer 25 5.2.3.5. Key expiration time 25 5.2.3.6. Preferred symmetric algorithms 25 5.2.3.7. Preferred hash algorithms 25 5.2.3.8. Preferred compression algorithms 26 5.2.3.9. Signature expiration time 26 5.2.3.10.Exportable Certification 26 5.2.3.11.Revocable 27 5.2.3.12.Trust signature 27 5.2.3.13.Regular expression 27 5.2.3.14.Revocation key 27 5.2.3.15.Notation Data 28 5.2.3.16.Key server preferences 28 5.2.3.17.Preferred key server 29 5.2.3.18.Primary user id 29 5.2.3.19.Policy URL 29 5.2.3.20.Key Flags 29 5.2.3.21.Signer's User ID 30 5.2.3.22.Reason for Revocation 30 5.2.4. Computing Signatures 31 5.2.4.1. Subpacket Hints 32 5.3. Symmetric-Key Encrypted Session-Key Packets (Tag 3) 32 5.4. One-Pass Signature Packets (Tag 4) 33 5.5. Key Material Packet 34 5.5.1. Key Packet Variants 34 5.5.1.1. Public Key Packet (Tag 6) 34 5.5.1.2. Public Subkey Packet (Tag 14) 34 5.5.1.3. Secret Key Packet (Tag 5) 35 5.5.1.4. Secret Subkey Packet (Tag 7) 35 5.5.2. Public Key Packet Formats 35 5.5.3. Secret Key Packet Formats 37 5.6. Compressed Data Packet (Tag 8) 38 5.7. Symmetrically Encrypted Data Packet (Tag 9) 39 5.8. Marker Packet (Obsolete Literal Packet) (Tag 10) 39 5.9. Literal Data Packet (Tag 11) 40 5.10. Trust Packet (Tag 12) 40 5.11. User ID Packet (Tag 13) 41 6. Radix-64 Conversions 41Callas, et. al. Standards Track [Page 3]
RFC 2440 OpenPGP Message Format November 1998 6.1. An Implementation of the CRC-24 in "C" 42 6.2. Forming ASCII Armor 42 6.3. Encoding Binary in Radix-64 44 6.4. Decoding Radix-64 46 6.5. Examples of Radix-64 46 6.6. Example of an ASCII Armored Message 47 7. Cleartext signature framework 47 7.1. Dash-Escaped Text 47 8. Regular Expressions 48 9. Constants 49 9.1. Public Key Algorithms 49 9.2. Symmetric Key Algorithms 49 9.3. Compression Algorithms 50 9.4. Hash Algorithms 50 10. Packet Composition 50 10.1. Transferable Public Keys 50 10.2. OpenPGP Messages 52 10.3. Detached Signatures 52 11. Enhanced Key Formats 52 11.1. Key Structures 52 11.2. Key IDs and Fingerprints 53 12. Notes on Algorithms 54 12.1. Symmetric Algorithm Preferences 54 12.2. Other Algorithm Preferences 55 12.2.1. Compression Preferences 56 12.2.2. Hash Algorithm Preferences 56 12.3. Plaintext 56 12.4. RSA 56 12.5. Elgamal 57 12.6. DSA 58 12.7. Reserved Algorithm Numbers 58 12.8. OpenPGP CFB mode 58 13. Security Considerations 59 14. Implementation Nits 60 15. Authors and Working Group Chair 62 16. References 63 17. Full Copyright Statement 651. Introduction This document provides information on the message-exchange packet formats used by OpenPGP to provide encryption, decryption, signing, and key management functions. It builds on the foundation provided in RFC 1991 "PGP Message Exchange Formats."Callas, et. al. Standards Track [Page 4]
RFC 2440 OpenPGP Message Format November 19981.1. Terms * OpenPGP - This is a definition for security software that uses PGP 5.x as a basis. * PGP - Pretty Good Privacy. PGP is a family of software systems developed by Philip R. Zimmermann from which OpenPGP is based. * PGP 2.6.x - This version of PGP has many variants, hence the term PGP 2.6.x. It used only RSA, MD5, and IDEA for its cryptographic transforms. An informational RFC, RFC 1991, was written describing this version of PGP. * PGP 5.x - This version of PGP is formerly known as "PGP 3" in the community and also in the predecessor of this document, RFC 1991. It has new formats and corrects a number of problems in the PGP 2.6.x design. It is referred to here as PGP 5.x because that software was the first release of the "PGP 3" code base. "PGP", "Pretty Good", and "Pretty Good Privacy" are trademarks of Network Associates, Inc. and are used with permission. This document uses the terms "MUST", "SHOULD", and "MAY" as defined in RFC 2119, along with the negated forms of those terms.2. General functions OpenPGP provides data integrity services for messages and data files by using these core technologies: - digital signatures - encryption - compression - radix-64 conversion In addition, OpenPGP provides key management and certificate services, but many of these are beyond the scope of this document.2.1. Confidentiality via Encryption OpenPGP uses two encryption methods to provide confidentiality: symmetric-key encryption and public key encryption. With public-key encryption, the object is encrypted using a symmetric encryption algorithm. Each symmetric key is used only once. A new "session key" is generated as a random number for each message. Since it is usedCallas, et. al. Standards Track [Page 5]
RFC 2440 OpenPGP Message Format November 1998 only once, the session key is bound to the message and transmitted with it. To protect the key, it is encrypted with the receiver's public key. The sequence is as follows: 1. The sender creates a message. 2. The sending OpenPGP generates a random number to be used as a session key for this message only. 3. The session key is encrypted using each recipient's public key. These "encrypted session keys" start the message. 4. The sending OpenPGP encrypts the message using the session key, which forms the remainder of the message. Note that the message is also usually compressed. 5. The receiving OpenPGP decrypts the session key using the recipient's private key. 6. The receiving OpenPGP decrypts the message using the session key. If the message was compressed, it will be decompressed. With symmetric-key encryption, an object may be encrypted with a symmetric key derived from a passphrase (or other shared secret), or a two-stage mechanism similar to the public-key method described above in which a session key is itself encrypted with a symmetric algorithm keyed from a shared secret. Both digital signature and confidentiality services may be applied to the same message. First, a signature is generated for the message and attached to the message. Then, the message plus signature is encrypted using a symmetric session key. Finally, the session key is encrypted using public-key encryption and prefixed to the encrypted block.2.2. Authentication via Digital signature The digital signature uses a hash code or message digest algorithm, and a public-key signature algorithm. The sequence is as follows: 1. The sender creates a message. 2. The sending software generates a hash code of the message. 3. The sending software generates a signature from the hash code using the sender's private key. 4. The binary signature is attached to the message.⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -