author: Werner Koch <wk@gnupg.org> 1998-01-12 11:18:17 +0100
committer: Werner Koch <wk@gnupg.org> 1998-01-12 11:18:17 +0100
commit: ed3609258828942808702a07ef2986d7328efa3f (patch)
tree: 185f17c055b38fee37bc0090789dcf96a1535c8c /doc/DETAILS
parent: patchlevel 2 (diff)
download: gnupg2-ed3609258828942808702a07ef2986d7328efa3f.tar.xz
gnupg2-ed3609258828942808702a07ef2986d7328efa3f.zip
started with trust stuff
Diffstat (limited to 'doc/DETAILS')
-rw-r--r-- doc/DETAILS 103
1 files changed, 102 insertions, 1 deletions
diff --git a/doc/DETAILS b/doc/DETAILS
index 3b447c79b..a3a2773fb 100644
--- a/doc/DETAILS
+++ b/doc/DETAILS
@@ -2,6 +2,107 @@
* For packet version 3 we calculate the keyids this way:
RSA := low 64 bits of n
- ELGAMAL := low 64 bits of y
+ ELGAMAL := build a v3 pubkey packet (with CTB 0x99) and calculate
+ a rmd160 hash value from it. This is used as the
+ fingerprint and the low 64 bits are the keyid.
+
+
+Layout of the TrustDB
+=====================
+The TrustDB is build from fixed length records, where the first bytes
+describes the record type. All numeric values are stored in network
+byte order. The length of each record is 40 bytes. The first record of
+the DB is always of type 1 and this is the only record of this type.
+
+Record type 0:
+--------------
+ Unused record, can be reused for any purpose.
+
+Record type 1:
+--------------
+ Version information for this TrustDB. This is always the first
+ record of the DB and the onyl one with type 1.
+ 1 byte value 1
+ 3 bytes 'g10' magic value
+ 1 byte Version of the TrustDB
+ 3 byte reserved
+ 1 u32 locked by (pid) 0 = not locked.
+ 1 u32 timestamp of trustdb creation
+ 1 u32 timestamp of last modification
+ 1 u32 timestamp of last validation
+ (Used to keep track of the time, when this TrustDB was checked
+ against the pubring)
+ 1 u32 Local-Id-Counter. Used to keep track of Local-IDs.
+ 32 bits are enough numbers for all practial purposes; if this
+ counter rolls over (due to deleted keyblock,an d new ones),
+ the software should reassign new Local-Ids to the whole
+ database (not expected to ever occur).
+ 1 byte marginals needed
+ 1 byte completes needed
+ 1 byte max. cert depth
+ If any of this 3 values are changed, all cache records
+ muts be invalidated.
+ 9 bytes reserved
+
+Record type 2:
+--------------
+ Informations about a public key certificate.
+
+ 1 byte value 2
+ 1 byte reserved
+ 1 u32 Local-Id. This is used to bind all records for
+ a given certificate together. It is valid only in this TrustDB
+ and usefull if we have duplicate keyids
+ It is not defined, how an implementaion selects such
+ a Local-Id, but it may use the local-ID counter from
+ record type 1
+ 8 bytes keyid (of the primary key)
+ 1 byte pubkey algorithm
+ 1 byte reserved
+ 20 bytes fingerprint of the public key
+ 1 byte ownertrust:
+ Bits 2-0:
+ 0 = undefined (not yet initialized)
+ 1 = unknown owner (could not initialize it)
+ 2 = do not trust this owner
+ 3 = usually trust this owner
+ 4 = always trust this owner
+ 5 = ultimately trust this owner. This can only be set if
+ we have control over the secret key too.
+ Bit 3: set if key is revoked; do not use it.
+ Bit 7-4: reserved
+ 3 byte reserved
+
+
+Record type 3: (cache record)
+--------------
+ Used to bind the trustDB to the concrete instance of keyblock in
+ a pubring. This is used to cache informations.
+
+ 1 byte value 3
+ 1 byte reserved
+ 1 u32 Local-Id.
+ 8 bytes keyid of the primary key
+ 1 byte cache-is-valid the following stuff is only
+ valid if this is set.
+ 1 byte reserved
+ 20 bytes rmd160 hash value over the complete keyblock
+ This is used to detect any changes of the keyblock with all
+ CTBs and lengths headers. Calculation is easy if the keyblock
+ is optained from a keyserved: simply create the hash from all
+ received data bytes.
+
+ 1 byte number of untrusted signatures.
+ 1 byte number of marginal trusted signatures.
+ 1 byte number of fully trusted signatures.
+ (255 is stored for all values greater than 254)
+ 1 byte Trustlevel
+ 0 = undefined (not calculated)
+ 1 = unknown
+ 2 = not trusted
+ 3 = marginally trusted
+ 4 = fully trusted
+ 5 = ultimately trusted (have secret key too).
+
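Review bot: The cache-invalidation rule is incomplete: record type 1 says "If any of this 3 values are changed, all cache records must be invalidated", but the Trustlevel and the three signature counters in record type 3 also depend on the ownertrust byte of every signing key's record type 2, and nothing in the layout says what happens to dependent cache records when an ownertrust value changes or a key's revoked bit (Bit 3) is set. Either document that a change to any record type 2 ownertrust clears cache-is-valid on every record type 3 that was computed from it, or add a validation-generation counter to record type 1 that is copied into each record type 3 and compared on read. The rmd160 check in record type 3 does not cover this, since it only detects changes to the keyblock bytes themselves ("with all CTBs and lengths headers"), and for the same reason the keyserver shortcut ("simply create the hash from all received data bytes") only matches the local value if the received bytes are stored unchanged, including the length-header encoding; it would help to state that the hash is over the keyblock as stored in the pubring. Two smaller points: the "locked by (pid)" field in record type 1 gives no way to tell a live lock from one left behind by a crashed process (and pids are reused), so the text should say how a stale lock is detected or cleared; and the new text has several typos worth fixing before it lands ("is build" -> "is built", "onyl", "practial", "an d", "muts", "usefull", "implementaion", "Informations", "optained", "keyserved").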