Symmetric Encryption Requirement
David Shaw
dshaw at jabberwocky.com
Fri Dec 19 11:00:25 CET 2003
On Fri, Dec 19, 2003 at 10:53:22AM -0500, Mark Jacobs wrote:
> On Friday 19 December 2003 10:41 am, David Shaw wrote:
>
> <snip>
>
> > You can get the key with --show-session-key and write it to a file
> > however you like, but it is unlikely you will be able to decrypt the
> > data without doing some work, as OpenPGP programs use a special
> > "OpenPGP cipher feedback mode" which may not be supported by your
> > generic 3DES implementation.
>
> Is this special mode described anywhere other than the source code?

RFC-2440: http://www.faqs.org/rfcs/rfc2440.html

> Is there a way to request generic 3DES?

You can modify the GnuPG code. See cipher/cipher.c and cipher/des.c.
The code is capable of doing regular CFB, but obviously that piece of
the code doesn't get used too often since it isn't used in PGP.

> > Why not just run GnuPG on the mainframe?
> >
>
> The mainframe process that we are looking for is by the nature of the
> mainframe a batch process without human interaction, i.e. hard for the
> mainframe to enter a passphrase when prompted by GNUPG.

GnuPG can decrypt in batch processes - it can take the passphrase via
stdin and never prompt the user.

> Also GNUPG has not been ported to run in the mainframe UNIX or
> native environment.

The major difficulty in porting GnuPG to odd platforms is the need for
a random number source. Since you are only decrypting on the
mainframe, no true randomness is needed for that. This should make
porting substantially easier. What happens when you do ./configure on
GnuPG on the mainframe?

David
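
An added example, not part of the original message or of GnuPG's code: the resynchronizing CFB variant described in RFC 2440 next to regular CFB, showing that a generic CFB routine recovers the data once it is given ciphertext octets 2..BS+1 as the IV and started at offset BS+2. The HMAC-based block_encrypt is a stand-in for 3DES (an assumption, since Python's standard library has no 3DES), and all function names are hypothetical.

```python
import hashlib
import hmac
import os

BS = 8  # block size of 3DES in bytes


def block_encrypt(key, block):
    # Stand-in for 3DES block encryption (assumption: no 3DES in the stdlib).
    # CFB only ever runs the cipher forwards, so a keyed PRF is enough here.
    return hmac.new(key, block, hashlib.sha256).digest()[:BS]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input


def cfb_encrypt(key, iv, data):
    # Regular full-block CFB, as a generic library would implement it.
    out, fr = b"", iv
    for i in range(0, len(data), BS):
        fr = xor(data[i:i + BS], block_encrypt(key, fr))
        out += fr
    return out


def cfb_decrypt(key, iv, data):
    out, fr = b"", iv
    for i in range(0, len(data), BS):
        out += xor(data[i:i + BS], block_encrypt(key, fr))
        fr = data[i:i + BS]
    return out


def openpgp_cfb_encrypt(key, plaintext, prefix=None):
    prefix = prefix or os.urandom(BS)
    head = xor(prefix, block_encrypt(key, bytes(BS)))    # IV is all zeros
    head += xor(prefix[-2:], block_encrypt(key, head))   # 2 repeated check octets
    # Resynchronisation: feedback register restarts from ciphertext octets 2..BS+1.
    return head + cfb_encrypt(key, head[2:], plaintext)


def openpgp_cfb_decrypt(key, ciphertext):
    head, body = ciphertext[:BS + 2], ciphertext[BS + 2:]
    prefix = cfb_decrypt(key, bytes(BS), head)
    if prefix[BS - 2:BS] != prefix[BS:]:
        raise ValueError("quick check failed: wrong session key?")
    # Equivalent to generic CFB with IV = ciphertext[2:BS+2] over the remainder.
    return cfb_decrypt(key, head[2:], body)
```

Running generic CFB with a zero IV over the whole stream recovers only the BS+2 prefix octets; the data after them is keyed to a feedback register shifted by two octets and comes out as garbage.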