IETF Logo Mail Archive

Re: V3 secret keys

Ben Laurie <ben@algroup.co.uk> Wed, 15 February 2006 11:04 UTC

Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1F9KSs-0006S9-VS for openpgp-archive@megatron.ietf.org; Wed, 15 Feb 2006 06:04:55 -0500
Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id GAA28951 for <openpgp-archive@lists.ietf.org>; Wed, 15 Feb 2006 06:03:08 -0500 (EST)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k1FAnMp4035932; Wed, 15 Feb 2006 02:49:22 -0800 (PST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id k1FAnMai035931; Wed, 15 Feb 2006 02:49:22 -0800 (PST)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id k1FAnMSO035925 for <ietf-openpgp@imc.org>; Wed, 15 Feb 2006 02:49:22 -0800 (PST) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id 82A6033C1C; Wed, 15 Feb 2006 10:49:21 +0000 (GMT)
Message-ID: <43F307B1.50502@algroup.co.uk>
Date: Wed, 15 Feb 2006 10:51:29 +0000
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: Hal Finney <hal@finney.org>
CC: ietf-openpgp@imc.org
Subject: Re: V3 secret keys
References: <20060207201945.B07EF57FAF@finney.org>
In-Reply-To: <20060207201945.B07EF57FAF@finney.org>
X-Enigmail-Version: 0.93.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Hal Finney wrote:
> Ben Laurie writes:
>> Hal Finney wrote:
>>> The IV is used in the standard way.  You may be
>>> thinking of symmetrically encrypted data packets, which work as you
>>> say here.  V3 private keys are standard.
>> Experiment and code reading/running says it is correct.
> 
> I rechecked my source code and I can confirm my statement.  The IV is
> used in the standard way for V3 secret key CFB encryption.  The line is
> 
> 	PGPInitCFB(*cfbp, key, buf + alglen);
> 
> This initializes the CFB context in the first argument, using the key
> in the 2nd argument and the IV in the 3rd argument.  In this case the
> IV is buf+alglen where buf is a pointer into the secret key data and
> alglen is the offset past the S2K stuff.  If we were using an all-zeros
> IV as Ben suggests then we would have had to set up a buffer to act as
> the IV, fill it with zeros, and pass that to the PGPInitCFB function.
> We don't do that.
> 
> (This is an important point because if it doesn't work as I have
> described, then the spec is completely wrong and it would be extremely
> important to change it ASAP.  So I hope Ben or others can confirm that
> the spec is right on this matter.)

No, I can't confirm that. I have code that works as we all expect CFB to
work (modulo "resync") on v4 secret keys. I had to make the change I
described to decrypt v3 keys. It seems to me rather unlikely that I have
it wrong given that I had to reverse engineer and write new code to get
a working implementation for v3!

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

v2.23.0 | Report a Bug | By Email