What, in particular, are you confused about? (comment inline)
"Cornel GLIGAN" <cornel(_dot_)gligan(_at_)interscope(_dot_)ro> writes:
Hi!
I tried to store a private key in OpenPGP format, using the CFB mode as
described in http://www.imc.org/draft-ietf-openpgp-rfc2440bis :
12.8. OpenPGP CFB mode
OpenPGP does symmetric encryption using a variant of Cipher Feedback
Mode (CFB mode). This section describes the procedure it uses in
detail. This mode is what is used for Symmetrically Encrypted Data
Packets; the mechanism used for encrypting secret key material is
similar, but described in those sections above.
In the description below, the value BS is the block size in octets
of the cipher. Most ciphers have a block size of 8 octets. The AES
and Twofish have a blocksize of 16 octets. Also note that the
description below assumes that the IV and CFB arrays start with an
index of 1 (unlike the C language, which assumes arrays start with a
zero index).
OpenPGP CFB mode uses an initialization vector (IV) of all zeros,
and prefixes the plaintext with BS+2 octets of random data, such
that octets BS+1 and BS+2 match octets BS-1 and BS. It does a CFB
"resync" after encrypting those BS+2 octets.
Thus, for an algorithm that has a block size of 8 octets (64 bits),
the IV is 10 octets long and octets 7 and 8 of the IV are the same
as octets 9 and 10. For an algorithm with a blocksize of 16 octets
(128 bits), the IV is 18 octets long, and octets 17 and 18 replicate
octets 15 and 16. Those extra two octets are an easy check for a
correct key.
Step by step, here is the procedure:
1. The feedback register (FR) is set to the IV, which is all zeros.
What this really says is "The CFB feedback register, which acts at
the Initialization Vector as per the CFB FIPS, is initialized to all
zeros.
2. FR is encrypted to produce FRE (FR Encrypted). This is the
encryption of an all-zero value.
3. FRE is xored with the first BS octets of random data prefixed to
the plaintext to produce C[1] through C[BS], the first BS octets
of ciphertext.
4. FR is loaded with C[1] through C[BS].
5. FR is encrypted to produce FRE, the encryption of the first BS
octets of ciphertext.
6. The left two octets of FRE get xored with the next two octets of
data that were prefixed to the plaintext. This produces C[BS+1]
and C[BS+2], the next two octets of ciphertext.
7. (The resync step) FR is loaded with C[3] through C[BS+2].
8. FR is encrypted to produce FRE.
9. FRE is xored with the first BS octets of the given plaintext,
now that we have finished encrypting the BS+2 octets of prefixed
data. This produces C[BS+3] through C[BS+(BS+2)], the next BS
octets of ciphertext.
10. FR is loaded with C[BS+3] to C[BS + (BS+2)] (which is C11-C18
for an 8-octet block).
11. FR is encrypted to produce FRE.
12. FRE is xored with the next BS octets of plaintext, to produce
the next BS octets of ciphertext. These are loaded into FR and
the process is repeated until the plaintext is used up.
Is anybody who can explain to me in details how CFB works because I am
very confused. I didn't understand anything after I read this text?
Well, it's explained pretty thoroughly above. The step-by-step
instructions pretty much tell you what you need to know. What exactly
are you confused about?
Thank you in advance,
Cornel Gligan-Ignatescu
-derek
--
Derek Atkins
Computer and Internet Security Consultant
derek(_at_)ihtfp(_dot_)com www.ihtfp.com