I need to encrypt secret data of the keypair to prevent attackers from
misusing the keypair. I am using 3DES symmetric algorithm in encrypting
and decrypting the secret key. As a s2k specifier I use Iterated and
Salted S2K, so in the encryption process I need the secret passphrase,
the Coded count, an 8-octet salt value and an 8-octet Initial Vector. My
question is: is the Initial vector some arbitrary data like salt values
are? In this case it would be some 64-bit random number. And what about
the coded count value? What affects to the value? I have generated my keys
so far with gnu privacy guard software and the count has always been 96
(65536) in every key. I didn`t find solution to this from the RFC2440. Can
someone clarify this?
Yes, the IV should be a 64 bit random number.
The purpose of the coded count is to slow down dictionary attacks. In a
dictionary attack, someone who gets access to the secret key ring tries
all possible pass phrases. By slowing down the operation of turning a
passphrase into the 3DES key that unlocks the secret key, it makes the
dictionary attacker's job harder.
Choosing a value for the coded count is a tradeoff. Larger values will
help defend against dictionary attacks, but they will also slow down
the process of unlocking the key for legitimate users. If keys in your
application will be unlocked by human users typing in their passphrases,
then larger coded counts would be acceptable, providing for delays of 1/10
or even 1/2 second or more. If your application must expose the secret
key data structure, again larger coded counts would be appropriate.
On the other hand, if your application involves an automated system
which must frequently unlock keys, and/or if you are confident that
your passphrases are strong and can't be found with a dictionary attack,
and/or if you have good security to keep the secret key ring from being
exposed, then you might go with a lower coded count. Those are the kinds
of considerations that will help you balance the tradeoffs.
Hal Finney