ietf-openpgp

Re: V3 secret keys

2006-02-19 09:10:28

Hal Finney wrote:
Ben Laurie writes:
No, I can't confirm that. I have code that works as we all expect CFB to
work (modulo "resync") on v4 secret keys. I had to make the change I
described to decrypt v3 keys. It seems to me rather unlikely that I have
it wrong given that I had to reverse engineer and write new code to get
a working implementation for v3!

To clarify, you are claiming that to unlock a V3 secret key, you don't
use the IV as usual in CFB mode.  Instead, you use an all-zero buffer
for the IV, and then prepend the IV from the secret key subpacket to
the data, decrypt that, and discard the first block of output?

So in other words, to get the first block of plaintext you do, in effect:

buf1 = Enc (all-zeros);
buf2 = buf1 xor IV;
buf3 = Enc (buf2);
buf4 = buf3 xor ciphertext

and buf4 will be the first block of plaintext?  You say your code does
this, and it works????

My code does this:

buf1 = Enc (IV);
buf2 = buf1 xor ciphertext

and buf2 is the first block of plaintext.

I just checked GPG and I confirmed that they work the same way I have
said.

Could you possibly show a few lines of your code, that does this step?
It's simply impossible for your code to be working as I have described
above, and to interoperate with existing V3 keys.  Either I misunderstood
your claim about the need for an all-zero IV, or you have misunderstood
what your own code is doing.

In fact, after discussion with Hal, we've established that:

a) Both of us are correct about what our code is doing

b) The two algorithms are effectively the same (for decryption, at least).

c) There was a bug in my code related to resyncing that setting the IV
"the hard way" worked around - which is why it appeared that v3 keys
were crypted differently.

So, we're in agreement about how it works now. My complaint about
"resyncing" stands, however.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
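Added example, not part of the original message or either author's code: a check of point (b), that decrypting with the IV "the hard way" (all-zero IV, stored IV prepended to the data, first output block discarded) gives the same plaintext as ordinary CFB decryption. It assumes plain full-block CFB with no resync; `enc` is a constructed stand-in for the block cipher's forward direction (truncated HMAC-SHA256, which suffices because CFB never uses the inverse), and the key, IV and plaintext are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # assumed 64-bit block size

def enc(key, block):
    # Stand-in block function (assumption, not a real cipher).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def cfb_encrypt(key, iv, plaintext):
    out, feedback = b"", iv
    for i in range(0, len(plaintext), BLOCK):
        feedback = xor(enc(key, feedback), plaintext[i:i + BLOCK])
        out += feedback
    return out

def cfb_decrypt(key, iv, ciphertext):
    # P_i = Enc(C_{i-1}) xor C_i, with C_{-1} = IV.
    out, feedback = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        out += xor(enc(key, feedback), block)
        feedback = block  # the register is loaded with ciphertext, not output
    return out

def decrypt_usual(key, iv, ct):
    return cfb_decrypt(key, iv, ct)

def decrypt_hard_way(key, iv, ct):
    # Zero IV, stored IV treated as the first ciphertext block, output dropped.
    return cfb_decrypt(key, bytes(BLOCK), iv + ct)[BLOCK:]

def first_block_if_output_fed_back(key, iv, ct):
    # The four-step pseudocode in the message: Enc(Enc(0) xor IV) xor ciphertext.
    return xor(enc(key, xor(enc(key, bytes(BLOCK)), iv)), ct[:BLOCK])

# Constructed sample values.
KEY = b"constructed-key"
IV = bytes(range(1, BLOCK + 1))
PT = b"constructed v3 secret key material"
CT = cfb_encrypt(KEY, IV, PT)

if __name__ == "__main__":
    print(decrypt_usual(KEY, IV, CT) == decrypt_hard_way(KEY, IV, CT) == PT)
    print(first_block_if_output_fed_back(KEY, IV, CT) == PT[:BLOCK])
```

The two decryptions agree because a CFB decryptor feeds the ciphertext block back into the register, so the prepended IV becomes the register contents for the first real block. The four-step form feeds the output block back instead, which is what the register would hold if the same trick were run in the encrypt direction, and that does not recover the plaintext.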
