[Top] [All Lists]

Re: typo in rfc2440: secret key packet format

1999-07-30 09:45:43
Sven Wohlgemuth, <sven(_at_)krypt1(_dot_)cs(_dot_)uni-sb(_dot_)de>, writes:
Has a string-to-key specifier to follow the specification of the symmetric

It does, if there was a 255 and then the symmetric algorithm.  It must
not, if you just put in the symmetric algorithm and didn't put a 255

Since I can use the MD5 hash value of the passphrase as a symmetric key.
Why should I write
      255, 1
if I just want to use a symmetric algorithm without a s2k-specifier?

You don't have to.

     - One octet indicating string-to-key usage conventions.  0
       indicates that the secret key data is not encrypted.  255
       indicates that a string-to-key specifier is being given.  Any
       other value is a symmetric-key encryption algorithm specifier.
Isn't it possible to write
      1, enc_MPI, ...
1 for the sym. algorithm follwed by the encrypted MPIs, instead?

Almost.  There needs to be an IV before the encrypted MPIs start.

The idea is that there are three formats.  Unencrypted looks like:

        0, MPI, ...

The simpler encrypted case is similar to your last suggestion:

        <symmetric-alg>, <IV>, enc_MPI, ...

This uses the default "simple" string-to-key conventions.

The more complex one is:

        255, <symmetric-alg>, <string-to-key>, <IV>, enc_MPI, ...

This allows you to specify a different string to key specifier.  That is
the reason for the more complex format.  The iterated/salted string-to-key
is superior as it makes it harder to guess passphrases for someone who
gets hold of the private key.

Hal Finney

<Prev in Thread] Current Thread [Next in Thread>