Adding a nonce before hashing as covert channel
Werner Koch
wk at gnupg.org
Wed Dec 18 15:40:38 CET 2024
On Wed, 18 Dec 2024 11:30, Andrew Gallagher said:
> LibrePGP is a specification agreed upon by *two* implementations. If
> you arbitrarily include RNP (i.e. Thunderbird) but not openpgp.js
> (i.e. Protonmail, Mailvelope, FlowCrypt) in the “major real world
Web stuff which can be replaced in the blink of an eye. Nothing which
needs complicated consideration for deployment. Interoperability is not
about the number of implementations but about deployed implementations
and infrastructure.
BTW, the third player are all the big "commercial" and in-house
applications which are neither using the old PGP, or RNP, or GnuPG but
are using BouncyCastle which supports the LibrePGP specification (or
name it rfc4880bis) for many years.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 247 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20241218/c3727708/attachment.sig>
More information about the Gnupg-devel
mailing list