Decrypting ElGamal messages

Can anyone tell me how an ElGamal encrypted message has to be 
decrypted? The open-pgp documentation doesn't give the answer.
I'm specially interested in how padding and checksums are handled.

I'm asking this question, because ElGamal encryption has the
same multiplicative properties as RSA. In particular, given
the encryption of a message M (including padding), it is easy
to generate the encryption of M*S (mod p) for a given S, without
knowing M. Hence the same attack that was possible against SSL
potentially works against ElGamal, when used with PKCS #1 v1.5 
padding.
BTW, is there any reason why PKCS #1 v1.5 padding is used and
not PKCS #1 v2?

-- Daniel Bleichenbacher

<Prev in Thread]	Current Thread	[Next in Thread>
Decrypting ElGamal messages, Daniel Bleichenbacher <= Re: Decrypting ElGamal messages, Peter Gutmann Re: Decrypting ElGamal messages, Daniel Bleichenbacher Re: Decrypting ElGamal messages, hal Re: Decrypting ElGamal messages, Peter Gutmann Re: Decrypting ElGamal messages, Daniel Bleichenbacher Re: Decrypting ElGamal messages, Ulf Möller

Previous by Date:	Re: Sample Twofish message, Lutz Donnerhacke
Next by Date:	Re: Sample Twofish message, Jon Callas
Previous by Thread:	Organize Web Info..., bizusa
Next by Thread:	Re: Decrypting ElGamal messages, Peter Gutmann
Indexes:	[Date] [Thread] [Top] [All Lists]