another question, and a small patch
Vladimir Vukicevic
vladimir@helixcode.com
Tue, 13 Jun 2000 10:43:45 -0400
Hi.. thanks for the quick response :-)
Werner Koch wrote:
> You are doing public-key encryption on large data blocks - this is the
> problem. Nearly all encryption tools don't do this but use a hybrid
> scheme: You generate a random session key, encrypt this using a
> public-key algorithm and then you encrypt the bulk data with a
> symmetric algorithm like Twofish. You have to take care about many
> other things too - otherwise you don't get real security.
Yeah, I realized my idiocy right around 2am.. everything is MUCH faster
now,
but I'm running into a weird bug where gcry_pk_decrypt() crashes UNLESS
I do
a gcry_sexp_dump(key); right before it. If the key doesn't get printed,
decrypt crashes. If it gets printed, everything works fine. Bizzare.
> If you are looking for a data format for encryption; you should
> take several things into account:
>
> o Is it an synchronous (tcp connection) or asynchronous (store and
> forward, email) communication channel.
> o Is it a long term connection or is the connection establish
> many times (ssh vs. http)
> o What is the size of the payload
> o Do you need perfect forward security
> o ...
>
> OpenPGP is a good protocol for asyncronous communication. TLS is
> good for HTTP like transactions and the SSH v2 protocols are fine for
> long term connections. If you are going for the SSh protocols; I have
> a started with a library implementation which handles all the protocol
> stuff (GSTI - GNU Secure Transport Initiative).
Well, it's running directly over HTTP -- but we need public key support;
also, there is unfortunately no TLS/SSL library that is fully GPL'd,
something that is important
to us as our resulting application is to be released under the GPL.
> > I also ran into some problems with the sexp implementation.. The
>
> No wonder. I should put the brown bag over my head. Thanks for the
> patches, I'll take them into account.
>
> BTW, I started writing some example code for libgcrypt.
Cool.. that'll be nice.
I'm a little unclear as to the different versions of GnuPG -- what is
the planned release date for the one that includes libgcrypt?
- Vlad