Re: [openpgp] AEAD Chunk Size

Werner Koch <> Tue, 23 April 2019 08:15 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2F7A612040F for <>; Tue, 23 Apr 2019 01:15:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -7
X-Spam-Status: No, score=-7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id IxN2G7x4m91N for <>; Tue, 23 Apr 2019 01:15:11 -0700 (PDT)
Received: from ( [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id CE3A8120409 for <>; Tue, 23 Apr 2019 01:15:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=20181017; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=yo73FO3xUWMQ96sCkAcCN5hcONxTmCwjtTCwx9zToFc=; b=c0qU3maCyvZV4+4VLCTIv55pUf Qihjuihyo9/whNqwavI/gTbIVDxhMEPs0z6gfmKW3H1aou+D/aw0vQn5Qmar7NgBZCYibMz8HG/uC J1rHKwJtCXESHOQ5bWJ2KSUSq+T0fG7TXpyec0HhHfYdJSl4Qb9RlikDrXVnMx57fH1Y=;
Received: from uucp by with local-rmail (Exim 4.89 #1 (Debian)) id 1hIqa5-0008RW-Cd for <>; Tue, 23 Apr 2019 10:15:09 +0200
Received: from wk by with local (Exim 4.84 #3 (Debian)) id 1hIqWL-0001t0-9V; Tue, 23 Apr 2019 10:11:17 +0200
From: Werner Koch <>
To: Bart Butler <>
Cc: Bart Butler <>, "openpgp\" <>
References: <> <> <> <> <> <> <> <> <> <> <>
Organisation: GnuPG e.V.
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
Mail-Followup-To: Bart Butler <>, Bart Butler <>, "openpgp\" <>
Date: Tue, 23 Apr 2019 10:11:16 +0200
In-Reply-To: <> (Bart Butler's message of "Thu, 18 Apr 2019 17:28:31 +0000")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=Yobie_M.P.R.I._Recce_Spillover_BOSS_supercomputer_William_Gates_Terr"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <>
Subject: Re: [openpgp] AEAD Chunk Size
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 23 Apr 2019 08:15:23 -0000

On Thu, 18 Apr 2019 17:28,

> hope Werner likes this because GnuPG is already doing 8KiB chunks, so

I am not sure about the context.  Are you talking about the partial
length encoding or about the AEAD chunk size, a modification of AEAD to
allow detection of transmission errors before the end of the data?

GnuPG 2.3 creates AEAD chunks not larger than 128 MiB.  This can be
changed with an option down to 64 bytes.  However such a values is only
useful for regression testing as it slows down the performance.  I may
consider to change the default to 1 MiB but not lower.

Let me repeat that the whole discussion on the size of the AEAD chunks
is mostly off topic because the chunks are _only_ here to allow
detection of transmission errors before Gigabytes of data have been
processes.  This was the reason why I suggested to Brian the addition of
a chunking mode for AEAD.

Whether the received data is authentic can only be asserted by checking
the signature and that can obviously only be done after all AEAD chunks
have been decrypted.

Those implementations wanting to show a preview can do so regardless of
any AEAD validation etc.  They should just make clear to the user that
this is an unauthenticated and possible corrupted preview of the data.

For all other purposes I propose to use a different protocol on top of
OpenPGP a (e.g MIME) and not to overload OpenPGP with unneeded stuff.
Or well, start from scratch and use a different name for it.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.