Re: Decrypting ElGamal messages
>> Upon decryption, the recipient needs to check the PKCS-1 formatting,
>> the checksum, and that the symmetric algorithm byte is one of the
>> supported algorithms. It then tries to decrypt the following message
>> block using that algorithm and session key, which block also has in
>> it a two-byte redundancy at the beginning to further detect bad keys.
>
>Thanks a lot for the information. Would have missed the checksum
>in the bulk data otherwise.

I don't think you can count it in. While the semantics of a (Session
Key Packet, Literal Packet) message is not defined in the RFC, a naïve
implementor may very well try to be "generous in what they accept", as
is suggested elsewhere in the document.

PGP 5 does not accept such messages, but prints an "assertion failed"
message only if the PKCS #1 padding and the Session Key Packet
checksum are correct.
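
The recipient-side checks described in the quoted text above (PKCS #1 formatting, session key checksum, supported algorithm byte, two-byte redundancy), as an added example that is not part of the original message or of any PGP implementation. The supported-algorithm set, the single undifferentiated error and all function names are assumptions of this example; `make_sample` builds constructed test input.

```python
import hmac

# RFC 4880 symmetric algorithm IDs -> key length in bytes. Which IDs count as
# "supported" is an assumption of this example.
SUPPORTED = {2: 24, 3: 16, 7: 16, 8: 24, 9: 32}

class BadSessionKey(Exception):
    """Raised for every failure; deliberately does not say which check failed."""

def parse_session_key(em: bytes, k: int):
    """Validate a decrypted session key block for a k-byte modulus.

    Layout: 00 02 <nonzero padding, >= 8 bytes> 00 <alg> <key> <2-byte checksum>
    """
    em = em.rjust(k, b"\x00")  # MPI encoding drops the leading zero byte
    ok = len(em) == k >= 11 and em[0] == 0 and em[1] == 2
    sep = em.find(b"\x00", 2)  # first zero byte ends the padding
    ok = ok and sep >= 10      # at least 8 padding bytes
    body = em[sep + 1:] if sep >= 0 else b""
    alg = body[0] if body else -1
    key, chk = body[1:-2], body[-2:]
    ok = ok and SUPPORTED.get(alg) == len(key)
    expected = (sum(key) & 0xFFFF).to_bytes(2, "big")  # key byte sum mod 65536
    ok = hmac.compare_digest(chk, expected) and ok
    if not ok:
        raise BadSessionKey("session key rejected")
    return alg, key

def quick_check(prefix: bytes, block_size: int) -> bool:
    """Two-byte redundancy in the bulk data: the last two bytes of the
    block-size random prefix are repeated immediately after it."""
    return len(prefix) >= block_size + 2 and hmac.compare_digest(
        prefix[block_size - 2:block_size], prefix[block_size:block_size + 2])

def make_sample(alg: int, key: bytes, k: int) -> bytes:
    """Constructed test block; fixed 0xFF padding stands in for random bytes."""
    body = bytes([alg]) + key + (sum(key) & 0xFFFF).to_bytes(2, "big")
    return b"\x00\x02" + b"\xff" * (k - 3 - len(body)) + b"\x00" + body

if __name__ == "__main__":
    sample_key = bytes(range(16))  # constructed session key
    print(parse_session_key(make_sample(7, sample_key, 64), 64))
```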