Hi!
I read and re-read RFC 2440 and I am confused about a few things.
(from http://www.imc.org/draft-ietf-openpgp-rfc2440bis)
...
5.5.3. Secret Key Packet Formats
The Secret Key and Secret Subkey packets contain all the data of the
Public Key and Public Subkey packets, with additional
algorithm-specific secret key data appended, in encrypted form.
The packet contains:
- A Public Key or Public Subkey packet, as described above
- One octet indicating string-to-key usage conventions. 0
indicates that the secret key data is not encrypted. 255
indicates that a string-to-key specifier is being given. Any
other value is a symmetric-key encryption algorithm specifier.
- [Optional] If string-to-key usage octet was 255, a one-octet
symmetric encryption algorithm.
- [Optional] If string-to-key usage octet was 255, a string-to-key
specifier. The length of the string-to-key specifier is implied
by its type, as described above.
So far so good.
- [Optional] If secret data is encrypted, Initial Vector (IV) of
the same length as the cipher's block size.
- Encrypted multi-precision integers comprising the secret key
data. These algorithm-specific fields are as described below.
- Two-octet checksum of the plaintext of the algorithm-specific
portion (sum of all octets, mod 65536). This checksum is
encrypted together with the algorithm-specific fields.
I have some questions about the last three paragraphs:
- Is the Initial Vector encrypted with the algorithm-specific
portion?
- In case the Initial Vector is encrypted with the
algorithm-specific portion, does the plaintext of the
algorithm-specific portion, on which the checksum is made, include the
Initial Vector or not?
- Let's assume that I encrypt the algorithm-specific portion with
IDEA. What happens if the length of the algorithm-specific portion is
not a multiple of 8 (64 bit)? How can I fill the last block of the
algorithm-specific portion to be an 8 byte (64 bit) block?
Is there anybody who can answer my questions?
Thank you in advance,
Cornel Gligan-Ignatescu
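
The field order in the section 5.5.3 list quoted above, written out as a parser. This is an added example, not part of the original message or of any OpenPGP implementation; the function names and the sample bytes are constructed for illustration, and the block-size and S2K-length tables are taken from RFC 2440's algorithm definitions.

```python
# Added example; field order follows the section 5.5.3 list quoted above.
# Block sizes and S2K specifier lengths are from RFC 2440's algorithm tables.
BLOCK_SIZE = {1: 8, 2: 8, 3: 8, 4: 8, 7: 16, 8: 16, 9: 16}
S2K_LEN = {0: 2, 1: 10, 3: 11}  # simple, salted, iterated+salted


def checksum(plaintext: bytes) -> int:
    """Sum of all octets of the plaintext algorithm-specific fields, mod 65536."""
    return sum(plaintext) % 65536


def parse_secret_fields(buf: bytes) -> dict:
    """Split the octets that follow the public-key portion of a Secret Key packet."""
    if len(buf) < 3:
        raise ValueError("truncated secret-key portion")
    usage, pos = buf[0], 1
    out = {"usage": usage, "cipher": None, "s2k": None, "iv": None}
    if usage == 0:
        # Not encrypted: plaintext MPIs followed by the two-octet checksum.
        body, stored = buf[1:-2], int.from_bytes(buf[-2:], "big")
        out.update(mpis=body, checksum_ok=(checksum(body) == stored))
        return out
    if usage == 255:
        # Explicit cipher octet, then an S2K specifier whose length depends on its type.
        out["cipher"] = buf[1]
        n = S2K_LEN.get(buf[2])
        if n is None or len(buf) < 2 + n:
            raise ValueError("unknown or truncated S2K specifier")
        out["s2k"] = buf[2:2 + n]
        pos = 2 + n
    else:
        out["cipher"] = usage  # any other value is itself the cipher identifier
    bs = BLOCK_SIZE.get(out["cipher"])
    if bs is None or len(buf) < pos + bs:
        raise ValueError("unknown cipher or truncated IV")
    out["iv"] = buf[pos:pos + bs]      # listed as its own field, ahead of the secret data
    out["encrypted"] = buf[pos + bs:]  # everything after the IV (secret MPIs, checksum)
    return out


# Constructed samples, not taken from a real key.
PLAIN = bytes.fromhex("00" "000901ff" "0109")  # usage 0, one MPI (9 bits, 0x01ff), checksum
ENCRYPTED = (bytes([255, 1, 3, 2]) + b"SALTSALT" + bytes([0x60])  # IDEA, iterated+salted S2K
             + bytes(range(8)) + bytes(13))                        # 8-octet IV, 13 opaque octets

if __name__ == "__main__":
    print(parse_secret_fields(PLAIN))
    print(parse_secret_fields(ENCRYPTED))
```

RFC 2440 specifies CFB mode for this encryption, so the part after the IV does not have to be a whole number of cipher blocks; the constructed sample uses 13 octets with an 8-octet block cipher.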