I read and re-read RFC 2440 and I am confused about a few things.
5.5.3. Secret Key Packet Formats
The Secret Key and Secret Subkey packets contain all the data of the
Public Key and Public Subkey packets, with additional
algorithm-specific secret key data appended, in encrypted form.
The packet contains:
- A Public Key or Public Subkey packet, as described above
- One octet indicating string-to-key usage conventions. 0
indicates that the secret key data is not encrypted. 255
indicates that a string-to-key specifier is being given. Any
other value is a symmetric-key encryption algorithm specifier.
- [Optional] If string-to-key usage octet was 255, a one-octet
symmetric encryption algorithm.
- [Optional] If string-to-key usage octet was 255, a string-to-key
specifier. The length of the string-to-key specifier is implied
by its type, as described above.
So far so good.
- [Optional] If secret data is encrypted, Initial Vector (IV) of
the same length as the cipher's block size.
- Encrypted multi-precision integers comprising the secret key
data. These algorithm-specific fields are as described below.
- Two-octet checksum of the plaintext of the algorithm-specific
portion (sum of all octets, mod 65536). This checksum is
encrypted together with the algorithm-specific fields.
I have some questions about the last three paragraphs:
- Is the Initial Vector encrypted with the algorithm-specific
- In case the Initial Vector is encrypted with the
algorithm-specific portion, does the plaintext of the
algorithm-specific portion, on which the checksum is made, include the
Initial Vector or not?
- Let's assume that I encrypt the algorithm-specific portion with
IDEA. What happens if the length of the algorithm-specific portion is
not a multiple of 8 bytes (64 bits)? How can I fill the last block of the
algorithm-specific portion to be an 8-byte (64-bit) block?
Is there anybody who can answer my questions?
Thank you in advance,
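
Added example, not part of the original message or of any OpenPGP implementation: a Python sketch that walks the fields quoted above in the order the RFC lists them, reading the IV as its own field ahead of the encrypted data and verifying the two-octet checksum over the MPI octets in the unencrypted case. The function names, the S2K length table, the cipher block-size table and the sample byte strings are assumptions made for this illustration; the input is the part of the packet that follows the public-key portion.

```python
import struct

# S2K specifier length by type octet (simple, salted, iterated+salted).
S2K_LEN = {0: 2, 1: 10, 3: 11}
# Block size in octets for RFC 2440 cipher ids: IDEA, 3DES, CAST5, Blowfish.
BLOCK_SIZE = {1: 8, 2: 8, 3: 8, 4: 8}

def checksum(plaintext: bytes) -> int:
    """Sum of all octets of the algorithm-specific plaintext, mod 65536."""
    return sum(plaintext) % 65536

def read_mpis(buf: bytes) -> list:
    """Split a run of MPIs: two-octet bit count, then big-endian value."""
    out, pos = [], 0
    while pos < len(buf):
        bits = struct.unpack_from(">H", buf, pos)[0]
        end = pos + 2 + (bits + 7) // 8
        if end > len(buf):
            raise ValueError("truncated MPI")
        out.append(int.from_bytes(buf[pos + 2:end], "big"))
        pos = end
    return out

def parse_secret_fields(tail: bytes) -> dict:
    """Parse the fields that follow the public-key portion of the packet."""
    if len(tail) < 3:
        raise ValueError("too short")
    usage, pos = tail[0], 1
    info = {"usage": usage, "cipher": None, "s2k": None, "iv": None}
    if usage == 0:  # secret key data is not encrypted
        body, stored = tail[1:-2], struct.unpack(">H", tail[-2:])[0]
        if checksum(body) != stored:
            raise ValueError("checksum mismatch")
        info["mpis"] = read_mpis(body)
        return info
    if usage == 255:  # cipher octet, then S2K specifier sized by its type
        info["cipher"], s2k_len = tail[1], S2K_LEN[tail[2]]
        info["s2k"] = tail[2:2 + s2k_len]
        pos = 2 + s2k_len
    else:  # any other value is itself the cipher id
        info["cipher"] = usage
    bs = BLOCK_SIZE[info["cipher"]]
    info["iv"] = tail[pos:pos + bs]  # separate field ahead of the ciphertext
    info["encrypted"] = tail[pos + bs:]  # MPIs plus checksum, not decrypted here
    return info

# Constructed samples (not real key material).
SAMPLE_CLEAR = bytes([0, 0x00, 0x09, 0x01, 0x23]) + struct.pack(">H", 0x2D)
SAMPLE_ENC = bytes([255, 1, 3, 2]) + b"SALTSALT" + bytes([0x60]) + b"IVIVIVIV" + bytes(13)
```

The constructed encrypted sample carries 13 octets of ciphertext; RFC 2440 specifies CFB mode for the secret key data, so its length is not tied to the cipher's block size.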