-----BEGIN PGP SIGNED MESSAGE-----
> Isn't that too short for a 256-bit key?
Indeed, my post included a 128-bit key computation. (I also
used MD5, rather than SHA1 as asked.) Sorry about that.
For a 256-bit key, based on SHA1, I get:
I also generated a 64k-sized file and tested with "sha1sum",
getting the same first 20 bytes.
>>Sadly, GnuPG (1.2.2)'s --show-session-key doesn't seem to work on
>>symmetrically encrypted packets, but it might be easy to tweak.
> That's not what show-session-key is for. It's for, well, showing
> session keys ;)
I think you may have misread my comment as wanting to produce the
session key that protects a secret key, based on the original
I did not. I was talking about a "conventionally encrypted" message,
using a Symmetrically Encrypted Data Packet. If the S2K doesn't
include an (*optional*) encryption of the session key, then the S2K
computation result *is* the session key; I was simply trying to use
that feature to generate an S2K output to check mine.
I think that the intended purpose of GnuPG's session key feature is
equally applicable here. If you disagree, I'd be happy to discuss it
in a GnuPG forum. In any case, it's not an OpenPGP issue.
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
-----END PGP SIGNATURE-----