The pgp263 docs say (not much better):
| One unusual point about the way encryption is done. Using the IDEA
| cipher in CFB mode, the first 10 bytes are decrypted normally, but
| bytes 10 to 17, the first 8 bytes of the data proper, are encrypted
| using bytes 2 to 9 (the last 8 bytes of the key check prefix) as the
| IV. This is essentially using CFB-16 for one part of the
| encryption, while CFB-64 is used elsewhere.
So actually (I implemented this funky thing at some point to get
compat with some parts of pgp) what it means is you encrypt normally
with CFB-64 (encrypt previous 8 bytes, xor with plaintext). When you
get to one of these sync points, it may be part way thru a block, so
you encrypt the short block as normal. Then you take the previous 8
bytes of ciphertext and use it as the IV and continue.
So it I think really is standard partial block encryption, but to
resume after the block you take the last 8 bytes from the end of the
previous ciphertext chunk and use as the IV for the next chunk.
I agree what is written is pretty unclear.
Adam
On Thu, Feb 02, 2006 at 05:10:32PM +0000, Ben Laurie wrote:
Does it mean that the IV is reset to whatever it was at the start of the
current block? Does it mean that we use the partially-updated IV, but
set the position back to the beginning? Does it mean we reset the IV to
the initial value and start again? Or what?
Cheers,
Ben.
It means the usual CFB synchronization with outputting a partial block and
shifting the IV.
If that means anything at all, you appear to be describing standard CFB
when applied to a partial block, which I assume the above is not.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff