mirror of git://git.gnupg.org/gnupg.git
109 lines
3.7 KiB
Plaintext
109 lines
3.7 KiB
Plaintext
|
|
|
|
* For packet version 3 we calculate the keyids this way:
|
|
RSA := low 64 bits of n
|
|
ELGAMAL := build a v3 pubkey packet (with CTB 0x99) and calculate
|
|
a rmd160 hash value from it. This is used as the
|
|
fingerprint and the low 64 bits are the keyid.
|
|
|
|
|
|
|
|
|
|
Layout of the TrustDB
|
|
=====================
|
|
The TrustDB is build from fixed length records, where the first bytes
|
|
describes the record type. All numeric values are stored in network
|
|
byte order. The length of each record is 40 bytes. The first record of
|
|
the DB is always of type 1 and this is the only record of this type.
|
|
|
|
Record type 0:
|
|
--------------
|
|
Unused record, can be reused for any purpose.
|
|
|
|
Record type 1:
|
|
--------------
|
|
Version information for this TrustDB. This is always the first
|
|
record of the DB and the onyl one with type 1.
|
|
1 byte value 1
|
|
3 bytes 'g10' magic value
|
|
1 byte Version of the TrustDB
|
|
3 byte reserved
|
|
1 u32 locked by (pid) 0 = not locked.
|
|
1 u32 timestamp of trustdb creation
|
|
1 u32 timestamp of last modification
|
|
1 u32 timestamp of last validation
|
|
(Used to keep track of the time, when this TrustDB was checked
|
|
against the pubring)
|
|
1 u32 Local-Id-Counter. Used to keep track of Local-IDs.
|
|
32 bits are enough numbers for all practial purposes; if this
|
|
counter rolls over (due to deleted keyblock,an d new ones),
|
|
the software should reassign new Local-Ids to the whole
|
|
database (not expected to ever occur).
|
|
1 byte marginals needed
|
|
1 byte completes needed
|
|
1 byte max. cert depth
|
|
If any of this 3 values are changed, all cache records
|
|
muts be invalidated.
|
|
9 bytes reserved
|
|
|
|
Record type 2:
|
|
--------------
|
|
Informations about a public key certificate.
|
|
|
|
1 byte value 2
|
|
1 byte reserved
|
|
1 u32 Local-Id. This is used to bind all records for
|
|
a given certificate together. It is valid only in this TrustDB
|
|
and usefull if we have duplicate keyids
|
|
It is not defined, how an implementaion selects such
|
|
a Local-Id, but it may use the local-ID counter from
|
|
record type 1
|
|
8 bytes keyid (of the primary key)
|
|
1 byte pubkey algorithm
|
|
1 byte reserved
|
|
20 bytes fingerprint of the public key
|
|
1 byte ownertrust:
|
|
Bits 2-0:
|
|
0 = undefined (not yet initialized)
|
|
1 = unknown owner (could not initialize it)
|
|
2 = do not trust this owner
|
|
3 = usually trust this owner
|
|
4 = always trust this owner
|
|
5 = ultimately trust this owner. This can only be set if
|
|
we have control over the secret key too.
|
|
Bit 3: set if key is revoked; do not use it.
|
|
Bit 7-4: reserved
|
|
3 byte reserved
|
|
|
|
|
|
Record type 3: (cache record)
|
|
--------------
|
|
Used to bind the trustDB to the concrete instance of keyblock in
|
|
a pubring. This is used to cache informations.
|
|
|
|
1 byte value 3
|
|
1 byte reserved
|
|
1 u32 Local-Id.
|
|
8 bytes keyid of the primary key
|
|
1 byte cache-is-valid the following stuff is only
|
|
valid if this is set.
|
|
1 byte reserved
|
|
20 bytes rmd160 hash value over the complete keyblock
|
|
This is used to detect any changes of the keyblock with all
|
|
CTBs and lengths headers. Calculation is easy if the keyblock
|
|
is optained from a keyserved: simply create the hash from all
|
|
received data bytes.
|
|
|
|
1 byte number of untrusted signatures.
|
|
1 byte number of marginal trusted signatures.
|
|
1 byte number of fully trusted signatures.
|
|
(255 is stored for all values greater than 254)
|
|
1 byte Trustlevel
|
|
0 = undefined (not calculated)
|
|
1 = unknown
|
|
2 = not trusted
|
|
3 = marginally trusted
|
|
4 = fully trusted
|
|
5 = ultimately trusted (have secret key too).
|
|
|