ietf-openpgp
[Top] [All Lists]

Re: V3 secret keys

2006-02-06 19:05:27

Vedaal writes:
On Mon, 06 Feb 2006 17:38:01 -0500 Hal Finney <hal(_at_)finney(_dot_)org> 
wrote:

Note that V3 keys only support ciphers with a block size of 8 
bytes, so
I think it is OK to explicitly say "8 octets" here.

are v4 keys different in this respect ?

(i.e., is there any cipher currently within the open pgp standard 
that v4 keys support that v3 keys could not?

Actually I think I was wrong about what I wrote there.  At the time that
V3 keys were created, only 8-byte ciphers were used by PGP, but now I
think it would be legal to create a V3 key and use a 16-byte cipher like
AES to encrypt the private part.  (Or to re-encrypt the private part of
an existing V3 key using AES instead of IDEA or 3DES.)

So I would have to modify my proposed change to the language of the
spec to say something like:

   Furthermore, at the beginning of each MPI value after the first, the
   CFB state is re-synchronized to its initial state, with the IV for
   that MPI taken as the final octets of the ciphertext of the previous
   MPI value, with the number of such octets being equal to the block
   size of the cipher.

classically, v3 keys were started when all that was available was 
IDEA,
but Disastry extended 2.6x for v3 keys to accept 'any' open-pgp 
cipher, 
even for symmetric protection of the secret key

(i have occasionally found it useful to prepare v3 non-IDEA test 
keys,
for gnupg testers who prefer not to use patented algorithms, even 
for testing, if there is a convenient way around it)

[am not trying to awaken a v3 / v4 controversy ;-)
am just trying to 'understand' what i might have 'missed' ]

Thanks for pointing out my mistake!

Hal Finney

<Prev in Thread] Current Thread [Next in Thread>