Re: V3 secret keys

hal@finney.org ("Hal Finney") Wed, 15 February 2006 20:27 UTC

To: ben@algroup.co.uk, hal@finney.org
Subject: Re: V3 secret keys
Cc: ietf-openpgp@imc.org
Message-Id: <20060215201341.0D48557FAE@finney.org>
Date: Wed, 15 Feb 2006 12:13:41 -0800
From: hal@finney.org

Ben Laurie writes:
> No, I can't confirm that. I have code that works as we all expect CFB to
> work (modulo "resync") on v4 secret keys. I had to make the change I
> described to decrypt v3 keys. It seems to me rather unlikely that I have
> it wrong given that I had to reverse engineer and write new code to get
> a working implementation for v3!

To clarify, you are claiming that to unlock a V3 secret key, you don't
use the IV as usual in CFB mode.  Instead, you use an all-zero buffer
for the IV, and then prepend the IV from the secret key subpacket to
the data, decrypt that, and discard the first block of output?

So in other words, to get the first block of plaintext you do, in effect:

buf1 = Enc (all-zeros);
buf2 = buf1 xor IV;
buf3 = Enc (buf2);
buf4 = buf3 xor ciphertext

and buf4 will be the first block of plaintext?  You say your code does
this, and it works????

My code does this:

buf1 = Enc (IV);
buf2 = buf1 xor ciphertext

and buf2 is the first block of plaintext.

I just checked GPG and I confirmed that they work the same way I have
said.

Could you possibly show a few lines of your code, that does this step?
It's simply impossible for your code to be working as I have described
above, and to interoperate with existing V3 keys.  Either I misunderstood
your claim about the need for an all-zero IV, or you have misunderstood
what your own code is doing.

Hal Finney