Re: [openpgp] AEAD encrypted data packet with EAX

Werner Koch <> Tue, 25 July 2017 19:10 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 01B40131714 for <>; Tue, 25 Jul 2017 12:10:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id opsfGlqhHUg5 for <>; Tue, 25 Jul 2017 12:10:06 -0700 (PDT)
Received: from ( [IPv6:2001:aa8:fff1:100::22]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3C692131E9D for <>; Tue, 25 Jul 2017 12:10:05 -0700 (PDT)
Received: from uucp by with local-rmail (Exim 4.89 #1 (Debian)) id 1da5DX-0000nP-4n for <>; Tue, 25 Jul 2017 21:10:03 +0200
Received: from wk by with local (Exim 4.84 #3 (Debian)) id 1da57f-00086E-Fn; Tue, 25 Jul 2017 21:03:59 +0200
From: Werner Koch <>
To: "brian m. carlson" <>
References: <> <>
Organisation: The GnuPG Project
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: url=
Mail-Followup-To: "brian m. carlson" <>,
Date: Tue, 25 Jul 2017 21:03:53 +0200
In-Reply-To: <> (brian m. carlson's message of "Fri, 21 Jul 2017 22:21:50 +0000")
Message-ID: <>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=munitions_ANZUS_Telex_Lexis-Nexis_eternity_server_Mafia_embassy=crac"; micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <>
Subject: Re: [openpgp] AEAD encrypted data packet with EAX
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 25 Jul 2017 19:10:11 -0000

On Sat, 22 Jul 2017 00:21, said:

> I've updated my proposal and will be sending out a series of three
> patches shortly.  As Werner suggested, I've moved the IV requirements to
> the mode specification and I've expanded the possible values of the
> cipher type octet.

Thanks.  I pushed your patches so that we can use this as a starting
point.  I made two changes:

 - Assigned tag 20 for the AEAD Encrypted data packet
 - Removed a probably left-over sentence:

    An implementation MUST support chunk size octets with values from 0
    to 56.  An implementation MAY support other chunk sizes.  Chunk size
    octets with other values are reserved for future extensions.

and also pushed this to indicate the support for AEAD

--8<---------------cut here---------------start------------->8---
@@ -1594,6 +1594,9 @@ #### {} Features
     0x01 - Modification Detection (packets 18 and 19)
+    0x02 - AEAD Encrypted Data Packet (packet 20) and version 5
+           Symmetric-Key Encrypted Session Key Packets (packet 3)
 If an implementation implements any of the defined features, it SHOULD
 implement the Features subpacket, too.
--8<---------------cut here---------------end--------------->8---

> with AEAD and a secret key packet with AEAD.  These packets use a fixed
> value of 10 for the chunk size octet (a chunk of 65536 bytes), which

I am fine with this.

> I welcome comments on this proposal with the goal of trying to get
> consensus.

Do we have an RFC for EAX Mode?  That would make a better reference.

I think we should have a more verbose description of the AEAD chunk
construction in particular related to the use of the IV/nonce in the



I uploaded a rendered version to

Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.