Re: V3 secret keys

Adam Back <adam@cypherspace.org> Thu, 02 February 2006 18:58 UTC

Date: Thu, 02 Feb 2006 13:46:01 -0500
From: Adam Back <adam@cypherspace.org>
To: Ben Laurie <ben@algroup.co.uk>
Cc: "Daniel A. Nagy" <nagydani@epointsystem.org>, OpenPGP <ietf-openpgp@imc.org>, Adam Back <adam@cypherspace.org>
Subject: Re: V3 secret keys
Message-ID: <20060202184601.GA20613@bitchcake.off.net>
References: <43E20DB6.30209@algroup.co.uk> <20060202140612.GA13906@epointsystem.org> <43E23D08.10806@algroup.co.uk>
In-Reply-To: <43E23D08.10806@algroup.co.uk>
User-Agent: Mutt/1.4.2.1i

The pgp263 docs say (not much better):

| One unusual point about the way encryption is done.  Using the IDEA
| cipher in CFB mode, the first 10 bytes are decrypted normally, but
| bytes 10 to 17, the first 8 bytes of the data proper, are encrypted
| using bytes 2 to 9 (the last 8 bytes of the key check prefix) as the
| IV.  This is essentially using CFB-16 for one part of the
| encryption, while CFB-64 is used elsewhere.

So actually (I implemented this funky thing at some point to get
compat with some parts of pgp) what it means is you encrypt normally
with CFB-64 (encrypt previous 8 bytes, xor with plaintext).  When you
get to one of these sync points, it may be part way through a block, so
you encrypt the short block as normal.  Then you take the previous 8
bytes of ciphertext and use it as the IV and continue.

So I think it really is standard partial block encryption, but to
resume after the block you take the last 8 bytes from the end of the
previous ciphertext chunk and use them as the IV for the next chunk.

I agree what is written is pretty unclear.

Adam

On Thu, Feb 02, 2006 at 05:10:32PM +0000, Ben Laurie wrote:
> >> Does it mean that the IV is reset to whatever it was at the start of the
> >> current block? Does it mean that we use the partially-updated IV, but
> >> set the position back to the beginning? Does it mean we reset the IV to
> >> the initial value and start again? Or what?
> >>
> >> Cheers,
> >>
> >> Ben.
> > 
> > It means the usual CFB synchronization with outputting a partial block and
> > shifting the IV.
> 
> If that means anything at all, you appear to be describing standard CFB
> when applied to a partial block, which I assume the above is not.
> 
> -- 
> http://www.apache-ssl.org/ben.html       http://www.thebunker.net/
> 
> "There is no limit to what a man can do or how far he can go if he
> doesn't mind who gets the credit." - Robert Woodruff
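Adam's description above, as an added example that is not code from this message or from PGP itself: the pgp263 key-check prefix, the resync on ciphertext bytes 2..9, and the continuing CFB-64, over a constructed hash-based stand-in for IDEA (CFB only ever calls the cipher forwards, so the mode can be shown without the real cipher) and an assumed all-zero starting IV, which the quoted docs do not name.

```python
import hashlib

BLOCK = 8  # IDEA's block size in bytes; pgp263 runs CFB-64 over it

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for IDEA's forward direction: NOT IDEA, NOT secure.
    CFB only ever runs the block cipher forwards (even when decrypting), so any
    keyed 8-byte function is enough to show how the mode and its resync behave."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]

def cfb64(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    """Plain CFB-64: xor each 8-byte chunk with E(K, previous ciphertext block).
    A trailing short chunk is xored with a prefix of that keystream, as usual."""
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        res = bytes(a ^ b for a, b in zip(chunk, block_encrypt(key, prev)))
        out += res
        prev = chunk if decrypt else res  # what feeds back is always ciphertext
    return bytes(out)

def pgp263_encrypt(key: bytes, rnd: bytes, plaintext: bytes) -> bytes:
    """10-byte key-check prefix (8 random bytes, last 2 repeated), encrypted from
    an all-zero IV (an assumption; the quoted docs do not name the start IV).
    Then the resync: the last 8 ciphertext bytes so far (bytes 2..9) become the
    IV for the data proper, which continues as plain CFB-64."""
    prefix = rnd + rnd[6:8]
    c_prefix = cfb64(key, bytes(BLOCK), prefix)  # full block 0..7, short block 8..9
    return c_prefix + cfb64(key, c_prefix[-BLOCK:], plaintext)

def pgp263_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """Inverse: decrypt the prefix, verify the check bytes, resync, decrypt the rest."""
    c_prefix, c_body = ciphertext[:BLOCK + 2], ciphertext[BLOCK + 2:]
    prefix = cfb64(key, bytes(BLOCK), c_prefix, decrypt=True)
    if prefix[6:8] != prefix[8:10]:
        raise ValueError("key-check bytes differ: wrong key or damaged data")
    return cfb64(key, c_prefix[-BLOCK:], c_body, decrypt=True)

def keystream_after_resync(key: bytes, ciphertext: bytes) -> bytes:
    """The keystream pgp263 applies to bytes 10..17 is E(K, ciphertext[2..9])."""
    return block_encrypt(key, ciphertext[2:10])
```

Bytes 0..9 come out identical to plain CFB-64; only from byte 10 onward does the resynced stream diverge, which is exactly the "CFB-16 for one part" remark in the pgp263 docs.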