Re: V3 secret keys

hal@finney.org ("Hal Finney") Tue, 07 February 2006 02:05 UTC

To: ietf-openpgp@imc.org, vedaal@hush.com
Subject: Re: V3 secret keys
Message-Id: <20060207015943.84A0557FAE@finney.org>
Date: Mon, 06 Feb 2006 17:59:43 -0800
From: hal@finney.org

Vedaal writes:
> On Mon, 06 Feb 2006 17:38:01 -0500 Hal Finney <hal@finney.org> wrote:
>
> >Note that V3 keys only support ciphers with a block size of 8 bytes, so
> >I think it is OK to explicitly say "8 octets" here.
>
> are v4 keys different in this respect ?
>
> (i.e., is there any cipher currently within the open pgp standard 
> that v4 keys support that v3 keys could not?

Actually I think I was wrong about what I wrote there.  At the time that
V3 keys were created, only 8-byte ciphers were used by PGP, but now I
think it would be legal to create a V3 key and use a 16-byte cipher like
AES to encrypt the private part.  (Or to re-encrypt the private part of
an existing V3 key using AES instead of IDEA or 3DES.)

So I would have to modify my proposed change to the language of the
spec to say something like:

   Furthermore, at the beginning of each MPI value after the first, the
   CFB state is re-synchronized to its initial state, with the IV for
   that MPI taken as the final octets of the ciphertext of the previous
   MPI value, with the number of such octets being equal to the block
   size of the cipher.

> classically, v3 keys were started when all that was available was IDEA,
> but Disastry extended 2.6x for v3 keys to accept 'any' open-pgp cipher,
> even for symmetric protection of the secret key
>
> (i have occasionally found it useful to prepare v3 non-IDEA test keys,
> for gnupg testers who prefer not to use patented algorithms, even
> for testing, if there is a convenient way around it)
>
> [am not trying to awaken a v3 / v4 controversy ;-)
> am just trying to 'understand' what i might have 'missed' ]

Thanks for pointing out my mistake!

Hal Finney
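
The per-MPI re-synchronization proposed in the message above, sketched as an added example that is not part of the original message or of the OpenPGP specification. The names `block_encrypt`, `cfb` and `process_mpis` are hypothetical, `block_encrypt` is a keyed-PRF stand-in for a real cipher such as 3DES or AES, and rejecting an MPI shorter than one block is an assumption the quoted wording does not address.

```python
import hashlib
import hmac

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in (assumption) for the forward direction of IDEA, 3DES or AES.
    # CFB never calls the inverse, so a keyed PRF is enough to show the chaining.
    return hmac.new(key, block, hashlib.sha256).digest()[:len(block)]

def cfb(key: bytes, iv: bytes, data: bytes, decrypt: bool = False) -> bytes:
    # Full-block CFB; the block size is taken from len(iv).
    bs, out, feedback = len(iv), bytearray(), iv
    for i in range(0, len(data), bs):
        chunk = data[i:i + bs]
        keystream = block_encrypt(key, feedback)
        result = bytes(a ^ b for a, b in zip(chunk, keystream))
        out += result
        feedback = chunk if decrypt else result  # feedback is always ciphertext
    return bytes(out)

def process_mpis(key, iv, bodies, decrypt=False):
    # bodies: MPI values in packet order; the iv argument applies to the first.
    bs, out = len(iv), []
    for n, body in enumerate(bodies):
        if n > 0:
            prev_ct = bodies[n - 1] if decrypt else out[n - 1]
            if len(prev_ct) < bs:
                # Not covered by the quoted wording; rejected here (assumption).
                raise ValueError("previous MPI shorter than one cipher block")
            iv = prev_ct[-bs:]  # final block-size octets of previous ciphertext
        out.append(cfb(key, iv, body, decrypt))
    return out

if __name__ == "__main__":
    key = b"constructed-key!"                        # constructed sample key
    mpis = [bytes(range(40)), bytes(range(7, 30))]   # constructed MPI values
    for bs in (8, 16):                               # 8-octet vs 16-octet block size
        ct = process_mpis(key, bytes(bs), mpis)
        assert process_mpis(key, bytes(bs), ct, decrypt=True) == mpis
        print(bs, ct[0][-bs:].hex(), "-> IV for MPI 2")
```

With a hard-coded 8-octet IV, a 16-octet cipher would receive a short feedback block; deriving the count from the block size, as the revised wording does, covers both cases.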