- \ We keep the value if the signature is either 1 (RSA)
- \ or 3 (ECDSA), and the hash is one of the SHA-* functions
- \ (2 to 6, from SHA-1 to SHA-512); we reject MD5.
- hash 2 >= hash 6 <= and
- sign 1 = sign 3 = or
- and if
- hashes 1 sign 1- 2 << hash + << or >hashes
+
+ \ If hash is 0x08 then this is a "new algorithm" identifier,
+ \ and we set the corresponding bit if it is in the 0..15
+ \ range. Otherwise, we keep the value only if the signature
+ \ is either 1 (RSA) or 3 (ECDSA), and the hash is one of the
+ \ SHA-* functions (2 to 6). Note that we reject MD5.
+ hash 8 = if
+ sign 15 <= if
+ 1 sign 16 + << hashes or >hashes
+ then
+ else
+ hash 2 >= hash 6 <= and
+ sign 1 = sign 3 = or
+ and if
+ hashes 1 sign 1- 2 << hash + << or >hashes
+ then