now I see :-)
Thank you very much!
At 9:49 Uhr -0700 30.07.1999, hal(_at_)finney(_dot_)org wrote:
Sven Wohlgemuth, <sven(_at_)krypt1(_dot_)cs(_dot_)uni-sb(_dot_)de>, writes:
Has a string-to-key specifier to follow the specification of the symmetric
It does, if there was a 255 and then the symmetric algorithm. It must
not, if you just put in the symmetric algorithm and didn't put a 255
Since I can use the MD5 hash value of the passphrase as a symmetric key.
Why should I write
if I just want to use a symmetric algorithm without a s2k-specifier?
You don't have to.
- One octet indicating string-to-key usage conventions. 0
indicates that the secret key data is not encrypted. 255
indicates that a string-to-key specifier is being given. Any
other value is a symmetric-key encryption algorithm specifier.
Isn't it possible to write
1, enc_MPI, ...
1 for the sym. algorithm follwed by the encrypted MPIs, instead?
Almost. There needs to be an IV before the encrypted MPIs start.
The idea is that there are three formats. Unencrypted looks like:
0, MPI, ...
The simpler encrypted case is similar to your last suggestion:
<symmetric-alg>, <IV>, enc_MPI, ...
This uses the default "simple" string-to-key conventions.
The more complex one is:
255, <symmetric-alg>, <string-to-key>, <IV>, enc_MPI, ...
This allows you to specify a different string to key specifier. That is
the reason for the more complex format. The iterated/salted string-to-key
is superior as it makes it harder to guess passphrases for someone who
gets hold of the private key.
Sven Wohlgemuth, Department 14, Computer Science, University of
Saarbruecken, Germany, <http://fsinfo.cs.uni-sb.de/~wohlgemuth>,
RSA: 46C3 B9EB B21D EAAF 63C7 D667 F040 88A7
DSS: 56F0 55A2 4DF8 53C1 1E0E 52CB E196 5D18 894F 7C23