All values are represented by a sequence of newline-separated text fields. The type of any given value is determined by its context. Each type of value has a common prefix that includes an algorithm identifier, followed by a sequence of algorithm-dependent fields:
authinfo ::= signer-public-key certificate !private-key big-alpha big-p
certificate ::= sigalg hashalg signer-name exp-time *-sig
sigalg ::= rsa | dsa | elgamal
hashalg ::= sha1 | md5
*-key ::= sigalg owner-name ...
rsa-public-key ::= rsa owner-name big-n big-ek
rsa-private-key ::= rsa owner-name big-n big-ek
!big-dk !big-p !big-q !big-kp !big-kq !big-c2
dsa-public-key ::= dsa owner-name big-p big-q big-alpha big-key
dsa-private-key ::= dsa owner-name big-p big-q big-alpha big-key !big-secret
rsa-sig ::= big-val
dsa-sig ::= big-r big-s
elgamal-sig ::= big-r big-s
Each value labelled as `big-' is an unsigned multiple-precision integer from keyring-ipint(2), represented as a sequence of bytes with in big-endian order, as produced by IPint->iptobytes with an extra leading zero byte added if the top bit of the first byte is set, and then encoded in base-64 (as by encoding(2)). Each value labelled `-name' is utf (6) text not containing a newline; it is interpreted by an application and need not be a name. The expiry time exp-time is represented in decimal as seconds from the Epoch (1 January 1970 00:00 GMT); if it is zero, no expiry time is set. A label prefixed by `!' marks a value that should be considered secret.
The hash of a key is computed over its textual encoding according to the syntax above. A certificate's signature value is produced by digitally signing using sigalg the hash (using hashalg) of the concatenation of the value to be authenticated, the signer-name in utf(6), a single space, and the exp-time in decimal (with no leading zeroes). When checking a signature, comparisons are done with values in internal multiple-precision form (ie, as IPints), not in base-64 form.
KEYTEXT(6 ) | Rev: Thu Feb 15 14:43:48 GMT 2007 |