[Top] [All Lists]

Re: typo in rfc2440: secret key packet format

1999-08-02 00:47:42

now I see :-)
Thank you very much!

Sven Wohlgemuth

At 9:49 Uhr -0700 30.07.1999, hal(_at_)finney(_dot_)org wrote:
Sven Wohlgemuth, <sven(_at_)krypt1(_dot_)cs(_dot_)uni-sb(_dot_)de>, writes:
Has a string-to-key specifier to follow the specification of the symmetric

It does, if there was a 255 and then the symmetric algorithm.  It must
not, if you just put in the symmetric algorithm and didn't put a 255

Since I can use the MD5 hash value of the passphrase as a symmetric key.
Why should I write
     255, 1
if I just want to use a symmetric algorithm without a s2k-specifier?

You don't have to.

     - One octet indicating string-to-key usage conventions.  0
       indicates that the secret key data is not encrypted.  255
       indicates that a string-to-key specifier is being given.  Any
       other value is a symmetric-key encryption algorithm specifier.
Isn't it possible to write
     1, enc_MPI, ...
1 for the sym. algorithm follwed by the encrypted MPIs, instead?

Almost.  There needs to be an IV before the encrypted MPIs start.

The idea is that there are three formats.  Unencrypted looks like:

      0, MPI, ...

The simpler encrypted case is similar to your last suggestion:

      <symmetric-alg>, <IV>, enc_MPI, ...

This uses the default "simple" string-to-key conventions.

The more complex one is:

      255, <symmetric-alg>, <string-to-key>, <IV>, enc_MPI, ...

This allows you to specify a different string to key specifier.  That is
the reason for the more complex format.  The iterated/salted string-to-key
is superior as it makes it harder to guess passphrases for someone who
gets hold of the private key.

Hal Finney

Sven Wohlgemuth, Department 14, Computer Science, University of
Saarbruecken, Germany, <>,
RSA: 46C3 B9EB B21D EAAF  63C7 D667 F040 88A7
DSS: 56F0 55A2 4DF8 53C1 1E0E  52CB E196 5D18 894F 7C23

<Prev in Thread] Current Thread [Next in Thread>
  • Re: typo in rfc2440: secret key packet format, Sven Wohlgemuth <=