[openpgp] Very basic support for the AEAD proposal in GnuPG
Werner Koch <wk@gnupg.org> Sun, 21 January 2018 16:20 UTC
From: Werner Koch <wk@gnupg.org>
To: openpgp@ietf.org
Organisation: The GnuPG Project
Date: Sun, 21 Jan 2018 17:11:57 +0100
Message-ID: <877esb42eq.fsf@wheatstone.g10code.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ZGihriRpHYb7dEw2mO2wbboKZWY>
Subject: [openpgp] Very basic support for the AEAD proposal in GnuPG
Hi!

I just pushed my first take on AEAD support for bulk data encryption to
GnuPG master.  Not well tested and only tested with OCB.  Fortunately
patches for EAX also landed in Libgcrypt master this weekend.  Thus
using libgcrypt from master with the latest patches should allow for EAX
encryption as well (no need for --aead-algo in this case).

This code has seen only a very few manual tests.  Encrypting always uses
64k chunks and decryption has not been tested with larger chunks.
Those small chunks make debugging much faster.

Tests can be done using:

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase abc \
      --force-aead --aead-algo ocb --s2k-mode 0 --cipher AES \
      -v -z 0 --status-fd 2 -c <INFILE >OUTFILE

and

  gpg --rfc4880bis --pinentry-mode=loopback --passphrase=abc \
      --status-fd 2 -v -d <INFILE >OUTFILE

Public key encryption should also work but I didn't test that yet.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.