[Top] [All Lists]

Re: Need some explanations about privarte key in OpenPGP format, CFB mode

2002-02-14 08:23:21

What, in particular, are you confused about?  (comment inline)

"Cornel GLIGAN" <cornel(_dot_)gligan(_at_)interscope(_dot_)ro> writes:


I tried to store a private key in OpenPGP format, using the CFB mode as
described in :

12.8. OpenPGP CFB mode

   OpenPGP does symmetric encryption using a variant of Cipher Feedback
   Mode (CFB mode). This section describes the procedure it uses in
   detail. This mode is what is used for Symmetrically Encrypted Data
   Packets; the mechanism used for encrypting secret key material is
   similar, but described in those sections above.

   In the description below, the value BS is the block size in octets
   of the cipher. Most ciphers have a block size of 8 octets. The AES
   and Twofish have a blocksize of 16 octets. Also note that the
   description below assumes that the IV and CFB arrays start with an
   index of 1 (unlike the C language, which assumes arrays start with a
   zero index).

   OpenPGP CFB mode uses an initialization vector (IV) of all zeros,
   and prefixes the plaintext with BS+2 octets of random data, such
   that octets BS+1 and BS+2 match octets BS-1 and BS.  It does a CFB
   "resync" after encrypting those BS+2 octets.

   Thus, for an algorithm that has a block size of 8 octets (64 bits),
   the IV is 10 octets long and octets 7 and 8 of the IV are the same
   as octets 9 and 10. For an algorithm with a blocksize of 16 octets
   (128 bits), the IV is 18 octets long, and octets 17 and 18 replicate
   octets 15 and 16. Those extra two octets are an easy check for a
   correct key.

   Step by step, here is the procedure:

   1.  The feedback register (FR) is set to the IV, which is all zeros.

What this really says is "The CFB feedback register, which acts at
the Initialization Vector as per the CFB FIPS, is initialized to all

   2.  FR is encrypted to produce FRE (FR Encrypted).  This is the
       encryption of an all-zero value.

   3.  FRE is xored with the first BS octets of random data prefixed to
       the plaintext to produce C[1] through C[BS], the first BS octets
       of ciphertext.

   4.  FR is loaded with C[1] through C[BS].

   5.  FR is encrypted to produce FRE, the encryption of the first BS
       octets of ciphertext.

   6.  The left two octets of FRE get xored with the next two octets of
       data that were prefixed to the plaintext.  This produces C[BS+1]
       and C[BS+2], the next two octets of ciphertext.

   7.  (The resync step) FR is loaded with C[3] through C[BS+2].

   8.  FR is encrypted to produce FRE.

   9.  FRE is xored with the first BS octets of the given plaintext,
       now that we have finished encrypting the BS+2 octets of prefixed
       data.  This produces C[BS+3] through C[BS+(BS+2)], the next BS
       octets of ciphertext.

  10.  FR is loaded with C[BS+3] to C[BS + (BS+2)] (which is C11-C18
       for an 8-octet block).

  11.  FR is encrypted to produce FRE.

  12.  FRE is xored with the next BS octets of plaintext, to produce
       the next BS octets of ciphertext.  These are loaded into FR and
       the process is repeated until the plaintext is used up.

Is anybody who can explain to me in details how CFB works because I am
very confused. I didn't understand anything after I read this text?

Well, it's explained pretty thoroughly above.  The step-by-step
instructions pretty much tell you what you need to know.  What exactly
are you confused about?

Thank you in advance,

Cornel Gligan-Ignatescu


       Derek Atkins
       Computer and Internet Security Consultant