Bug in GnuPG
Kurt Fitzner
kfitzner at excelcia.org
Wed Jan 11 14:35:58 CET 2006
It seems to me that the loop nesting just needs to be reversed.

It seems like the way GnuPG works is that it has a list of session keys,
and a list of private keys. It then iterates through the list of
session keys and tries to see if any private key matches. This makes it
so that if the session key is anonymous, it has to ask for each private
key passphrase in turn, and do this for each and every session key.

If the logic were reversed, this would be avoided. Iterate through the
private keys first, then test each private key to see if it will decrypt
a session key. The passphrase is asked for once for each private key
instead of for each session key times the number of private keys.

i.e., right now, it works this way:

    for (int s = 0; s < NumSessionKeys; s++) {
        for (int k = 0; k < NumPrivateKeys; k++) {
            /* the passphrase is requested inside the inner loop */
            char *PassPhrase = GetPassphrase(PrivateKeyList[k]);
            if (DecryptSessionKey(SessionKeyList[s], PassPhrase)) {
                /* decrypt message here */
            }
        }
    }

Perhaps it would be better like this:

    for (int k = 0; k < NumPrivateKeys; k++) {
        /* the passphrase is requested once per private key */
        char *PassPhrase = GetPassphrase(PrivateKeyList[k]);
        for (int s = 0; s < NumSessionKeys; s++) {
            if (DecryptSessionKey(SessionKeyList[s], PassPhrase)) {
                /* decrypt message here */
            }
        }
    }

That's a terrible simplification, but it seems to me like the logic
works better this way.
Kurt.
p.s. Would it be possible to get the reply-to for the GnuPG mailing
lists set to the list address? :p
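
The two loop orders described in the message above, as an added example that is not part of the original post and is not GnuPG code. The stub functions, the constants and the constructed packet table are hypothetical, and the model assumes processing stops as soon as one session key decrypts.

```c
#include <stdio.h>

/* Constructed model: each anonymous session-key packet records (hidden
 * from the caller) the index of the private key that can open it. */
#define NUM_PRIVATE_KEYS 3
#define NUM_SESSION_KEYS 4
/* Constructed sample: only the last packet belongs to one of our keys (key 2). */
static const int session_key_owner[NUM_SESSION_KEYS] = { 7, 8, 9, 2 };
static int prompts; /* number of passphrase prompts shown to the user */

/* Hypothetical stand-in for a passphrase prompt that unlocks key k. */
static int get_passphrase(int k) { prompts++; return k; }

/* Hypothetical stand-in for trial decryption of one session-key packet. */
static int decrypt_session_key(int s, int unlocked_key) {
    return session_key_owner[s] == unlocked_key;
}

/* Order described as current: session keys outside, private keys inside. */
int prompts_session_major(void) {
    prompts = 0;
    for (int s = 0; s < NUM_SESSION_KEYS; s++)
        for (int k = 0; k < NUM_PRIVATE_KEYS; k++)
            if (decrypt_session_key(s, get_passphrase(k)))
                return prompts; /* assumed: stop once a packet decrypts */
    return prompts;
}

/* Proposed order: unlock each private key once, then try every packet. */
int prompts_key_major(void) {
    prompts = 0;
    for (int k = 0; k < NUM_PRIVATE_KEYS; k++) {
        int unlocked = get_passphrase(k);
        for (int s = 0; s < NUM_SESSION_KEYS; s++)
            if (decrypt_session_key(s, unlocked))
                return prompts;
    }
    return prompts;
}

int main(void) {
    printf("session-major prompts: %d\n", prompts_session_major());
    printf("key-major prompts:     %d\n", prompts_key_major());
    return 0;
}
```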