Hal Finney wrote:
Ben Laurie writes:
Hal Finney wrote:
The IV is used in the standard way. You may be
thinking of symmetrically encrypted data packets, which work as you
say here. V3 private keys are standard.
Experiment and code reading/running says it is correct.
I rechecked my source code and I can confirm my statement. The IV is
used in the standard way for V3 secret key CFB encryption. The line is
PGPInitCFB(*cfbp, key, buf + alglen);
This initializes the CFB context in the first argument, using the key
in the 2nd argument and the IV in the 3rd argument. In this case the
IV is buf+alglen where buf is a pointer into the secret key data and
alglen is the offset past the S2K stuff. If we were using an all-zeros
IV as Ben suggests then we would have had to set up a buffer to act as
the IV, fill it with zeros, and pass that to the PGPInitCFB function.
We don't do that.
(This is an important point because if it doesn't work as I have
described, then the spec is completely wrong and it would be extremely
important to change it ASAP. So I hope Ben or others can confirm that
the spec is right on this matter.)
No, I can't confirm that. I have code that works as we all expect CFB to
work (modulo "resync") on v4 secret keys. I had to make the change I
described to decrypt v3 keys. It seems to me rather unlikely that I have
it wrong given that I had to reverse engineer and write new code to get
a working implementation for v3!
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff