[Top] [All Lists]

Re: Message Integrity

1999-04-22 19:31:01
On Thu, 22 Apr 1999, Adam Back wrote:

I am using a keyid of zero to trigger the MIC mode (internally I
derive the algorithm from the keyid, but I could a flag or something

Wasn't keyid of all 0s already reserved for another purpose.  I seem
to recall a discussion by Hal and others some time back about reducing
the number of keyid bits to reduce identity leakage.  Ultimately this
came down to having an empty keyid, where the recipient would have to
check on private keys on their key ring sequentialy to discover which
one to use.

This was for encryption, so you could place the message in a public forum
without identifying the recipient.

For signing it would be less practical, and I don't know if anyone really
implements it.  (i.e. you would have to keep the public keys private so
only the group could verify the signature and know who signed it).

The algorithm ID would be zero too.  My implementation selects the
signature algorithm based on key id, but that could be fixed too, though I
would need to alter the command line and maybe some API parameters.

Don't you use the algorithm ID (1 = RSA, 2 etc) as the item in the
switch statement in your existing code?  Couldn't you then use alg ID
= 0 for no sig?

Basically this is what I do, but I have it in the form of if-elseif-else
type things instead of case statements.