I believe Uri was referring to the passphrase-protected secret key
data, which does use an IV in the conventional sense.
Hmmm, from the pgp 2.6.3 documentation about secret key certificates:
| and the checksum is used to tell if the password was good. The CFB
| IV field is just encrypted random data, assuming the "true" IV was
This is what is done in GnuPG too and I have checked interoperability
against pgp 5.0beta.
the rest of the packet anyway, so there is no need to parse it. You do
have information about the overall packet size from the packet headers,
so you can just skip past the encrypted data.
Sure, it adds extra complexity to the already complex issue with
S2K and pgp2 mode - but no problem ;-)
approach for this problem. I will post a summary later this morning.
This means late evening in Europe :-(
Werner Koch at guug.de www.gnupg.org keyid 621CC013