[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: typo in rfc2440: secret key packet format
now I see :-)
Thank you very much!
At 9:49 Uhr -0700 30.07.1999, hal@xxxxxxxxxx wrote:
>Sven Wohlgemuth, <sven@xxxxxxxxxxxxxxxxxxx>, writes:
>> Has a string-to-key specifier to follow the specification of the symmetric
>It does, if there was a 255 and then the symmetric algorithm. It must
>not, if you just put in the symmetric algorithm and didn't put a 255
>> Since I can use the MD5 hash value of the passphrase as a symmetric key.
>> Why should I write
>> 255, 1
>> if I just want to use a symmetric algorithm without a s2k-specifier?
>You don't have to.
>> >> - One octet indicating string-to-key usage conventions. 0
>> >> indicates that the secret key data is not encrypted. 255
>> >> indicates that a string-to-key specifier is being given. Any
>> >> other value is a symmetric-key encryption algorithm specifier.
>> Isn't it possible to write
>> 1, enc_MPI, ...
>> 1 for the sym. algorithm follwed by the encrypted MPIs, instead?
>Almost. There needs to be an IV before the encrypted MPIs start.
>The idea is that there are three formats. Unencrypted looks like:
> 0, MPI, ...
>The simpler encrypted case is similar to your last suggestion:
> <symmetric-alg>, <IV>, enc_MPI, ...
>This uses the default "simple" string-to-key conventions.
>The more complex one is:
> 255, <symmetric-alg>, <string-to-key>, <IV>, enc_MPI, ...
>This allows you to specify a different string to key specifier. That is
>the reason for the more complex format. The iterated/salted string-to-key
>is superior as it makes it harder to guess passphrases for someone who
>gets hold of the private key.
Sven Wohlgemuth, Department 14, Computer Science, University of
Saarbruecken, Germany, <http://fsinfo.cs.uni-sb.de/~wohlgemuth>,
RSA: 46C3 B9EB B21D EAAF 63C7 D667 F040 88A7
DSS: 56F0 55A2 4DF8 53C1 1E0E 52CB E196 5D18 894F 7C23