Re: [openpgp] v5 Secret-Key Packet Formats

Werner Koch <wk@gnupg.org> Fri, 12 January 2018 16:30 UTC

On Fri, 12 Jan 2018 16:22, tom@ritter.vg said:

> Would this be adding a new mode that would have to be implemented?
> That is in addition to adding chunked AEAD we're now also adding
> non-chunked AEAD?

No.  Like the current CFB mode, AEAD will be used in 3 places:

 1. Bulk data encryption

 2. Encryption used by the secret-key session key packet (which makes it
    possible to encrypt to several passphrases)

 3. Encryption of the secret key.

My claim is that the chunked mode is only used for 1.  For 2 and 3 we
can avoid any chunked mode and thus do not need to assume a certain
chunk size.

Sure, we could also keep on using CFB for 2 and 3 but that would require
a minimalist implementation to implement CFB and AEAD(EAX).



Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.