update key to new p,q,g
authornsz <nsz@port70.net>
Thu, 8 Dec 2011 14:52:03 +0000 (15:52 +0100)
committernsz <nsz@port70.net>
Thu, 8 Dec 2011 14:52:03 +0000 (15:52 +0100)
pkg/key/key.go
pkg/key/key_test.go

index 195b7c5..67fac98 100644 (file)
@@ -1,3 +1,18 @@
+// Package key implements epoint key pair generation and handling.
+//
+// An epoint key is an OpenPGP signing key that contains a self-signed
+// user id packet which matches
+//     "Issuer (<denomination>)"
+// or
+//     "Holder of <issuer fpr> (<denomination>)"
+//
+// The OpenPGP DSA key material is generated from a random seed using
+// a deterministic algorithm. (The self-signature is not deterministic
+// but the key material and thus the fingerprint is.)
+// This makes it possible to represent an obligation issuer or holder key
+// pair with a few bits of secret random seed.
+// (The user id only needs to be set up correctly when the key is uploaded
+// to the epoint server, it is not required for signing draft documents.)
 package key
 
 import (
@@ -12,9 +27,12 @@ import (
        "math/big"
 )
 
-const P = "C1773C0DEF5C1D75BA556137CBCE0F6EE534034FCE503D7ED1FF7A27E8638EAC3BD627C734E08D1D828B52C39EB602DC63D9544D1734A981AE2408F8037305B548EFE457E2A79EB511CFF11A0C3DB05CF64971A6AF3EF191D3EBA0841AAAC3BECF4B6CF199EDD59C732BA642A0074BAE1DC3CF724F830930C898B1865F597EF7"
-const Q = "DCA9E7C9FDC18CB0B8E9A80E487F96438147EF75"
-const G = "502FF28CC4D7BC1100123C9227994341C29773BFBD8D7E8FFED6D87A9D82FE573744AC8E4CCAE93E3A017A6388921CA5B0C9349B249EF87AB30AE01B3C9FD723001CB25E560CA6C25EDFC97613B41346D0597C2ECA2BED7BC6C9A032049B3FFF9AED462D09651A5995DB8E5E111384AC7B62CBAD827009269FC79D3E4E6D8AA3"
+// TODO: keep denomination only in issuer key?
+// TODO: cleanup
+
+const P = "A4D2B9575C25F0E622B8694387128A793E1AD27D12FFF4B5BA11A37CEFD31C935BCBB0A944581A6E6DA12986FCBA9D666607D71D365C286B9BCB57F6D938BE74982B7D770CE438F03B0A20ABA02E5691458C39D96E6E86AE564176ED1A6DFBAFB6EE7674CC5EDCF9FEB6158471FB3FAB53BA1CE1BA64C5626B9E8585FCEF5D31"
+const Q = "FFFFFFFFFFFFFFFFFFFF254EAF9E7916D607AAAF"
+const G = "7EA5C898777BE4BB29DCDC47289E718F7274C9CD7E570D3D552F3B3EE43C3DEF7BA68E57786926520CCAC71DBA13F37C4064395D5AF3334A04ABD8CED5E7FF476C661953936E8ADDE96A39D8C4AC1080A2BE3FE863A24B08BD43827E54AFADA72433704EA3C12E50E5BD08C130C68A1402FC20DA79CFE0DE931C414348D32B10"
 
 func PrivKey(r []byte) *dsa.PrivateKey {
        priv := new(dsa.PrivateKey)
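Review bot: The new `P`, `Q` and `G` constants have no record of how they were generated and nothing in the visible change checks them, so a reader cannot tell whether they came from a verifiable procedure or confirm that they form a valid DSA group. I would put a comment above them such as `// DSA domain parameters (1024-bit p, 160-bit q), generated with <PLACEHOLDER: procedure and seed>.` and add a test in key_test.go asserting that `Q` is prime, that `Q` divides `P-1`, and that `G > 1` with `G^Q mod P == 1`. A 1024/160-bit group gives roughly 80-bit strength, which is worth stating next to the constants so the limit is a documented choice. Because the package comment says the key material and fingerprint are derived deterministically from the seed, replacing these values presumably changes the key produced by every existing seed; the commit message should say whether that is intended.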
@@ -22,24 +40,16 @@ func PrivKey(r []byte) *dsa.PrivateKey {
        priv.Parameters.Q, _ = new(big.Int).SetString(Q, 16)
        priv.Parameters.G, _ = new(big.Int).SetString(G, 16)
 
-       // q > 2^159 prime
-       // x = sha1(r)
-       // if x == 0 then x = q - 1
-       // if x == q then x = q - 2
-       // if x > q  then x = x mod q
-
        x := new(big.Int)
-       h := sha1.New()
-       h.Write(r)
-       x.SetBytes(h.Sum())
-       if x.Sign() == 0 {
-               x.Sub(priv.Q, big.NewInt(1))
-       }
-       switch x.Cmp(priv.Q) {
-       case 0:
-               x.Sub(priv.Q, big.NewInt(2))
-       case 1:
-               x.Sub(x, priv.Q)
+       for {
+               h := sha1.New()
+               h.Write(r)
+               r = h.Sum()
+               x.SetBytes(r)
+               if x.Sign() == 1 && x.Cmp(priv.Q) < 0 {
+                       break
+               }
+               // rarely reachable
        }
        priv.X = x
        priv.Y = new(big.Int)
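Review bot: `PrivKey` takes a seed `r` of any length, including empty, and `priv.X` is now just the iterated SHA-1 of it, so the private key is only as strong as the caller's seed and nothing here states or enforces a minimum. The removed comment block was the only description of the derivation, so I would add a doc comment on `PrivKey` saying that x is SHA-1 applied repeatedly to the seed until `0 < x < q`, that this mapping must stay stable because the fingerprint depends on it, and how much seed entropy callers must supply. `// rarely reachable` should be made precise, e.g. `// retry: digest was 0 or >= q (about 2^-80 for this q)`, which also makes clear that tests will not normally exercise this branch. The context lines above the loop still discard the `ok` result of `SetString`, so a malformed constant would presumably only surface later as a nil `big.Int`; checking it once would fail earlier and more clearly. The function starts before this hunk and continues past its end.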
index 34df359..cfe912c 100644 (file)
@@ -1,4 +1,4 @@
-package dsakey
+package key
 
 import (
        "bytes"