[cryptography] Duplicate primes in lots of RSA moduli

Werner Koch wk at gnupg.org
Thu Feb 16 06:05:32 EST 2012

On Thu, 16 Feb 2012 11:00, fw at deneb.enyo.de said:

> In X.509, certification signatures cover the value of the notAfter
> attribute.  If I'm not mistaken, this is true for V3 keys as well.

Right.  They are also covered by the fingerprint (The fingerprint used
for X.509 is only a de-facto standard).

> However, when a V4 key is signed, the certification signature does not
> cover the expiration date.  The key holder (legitimate or not) can

Wrong.  Look at my key:

  :public key packet:
          version 4, algo 17, created 1199118275, expires 0
          pkey[0]: [2048 bits]
          pkey[1]: [224 bits]
          pkey[2]: [2046 bits]
          pkey[3]: [2048 bits]
  :user ID packet: "Werner Koch <wk at g10code.com>"
  :signature packet: algo 17, keyid F2AD85AC1E42B367
          version 4, created 1199118881, md5len 0, sigclass 0x13
          digest algo 11, begin of digest 2a 29
          hashed subpkt 27 len 1 (key flags: 03)
          hashed subpkt 9 len 4 (key expires after 11y2d12h35m)
          subpkt 16 len 8 (issuer key ID F2AD85AC1E42B367)
The signature packet is the certification for the key and user id.  A
signature packet consist of subpackets which may either be hashed or
unhashed.  Hashed subpackets are part of the signed material and thus
can't be removed.

You are right that RFC4880 does not demand that the key expiration date
is put into a hashed subpacket.  But not doing so would be stupid.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

More information about the cryptography mailing list