Oracle behavior in Gnupg? // (was 'possible bug in gpg?')
Ben McGinnes
ben at adversary.org
Tue Jul 31 11:56:00 CEST 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 31/07/12 1:14 AM, David Shaw wrote:
>
> Yes, this is expected behavior. It follows from what I explained
> earlier in this thread. When you use --override-session-key, you
> bypass the quick check (after all, you gave the override key -
> what is there to check?) so you are seeing GnuPG choke on the
> invalid OpenPGP structures resulting from the garbage decryption.
On a related note, is it possible to extract the session key
(--show-session-key), but without decrypting the file in the process?
Just obtain the session key and stop there? I've already tried -n
(--dry-run) and that still decrypts the file.
Regards,
Ben
-----BEGIN PGP SIGNATURE-----
iQGcBAEBCgAGBQJQF6uvAAoJEH/y03E1x1U8yrkL/1M6WOjwhLQ28iD5Bg+Ensu0
oezAbRumzdCe9l2H0seZ7NG79+/mLwlzIuVXe2IN10my2daesLfzHGyWNsj9bM/x
BNOpM+daBLd+lb9ceTsDayTbcYkpHbkhNW99UR50N5fNJWEeNwk6ukjk0c3QIXhk
HyoQG+OCzNc4W48mCWwt5tz3IObdjvzlpn/rll9n7i55BQIlwCd5TqfoWU8eSkFW
xzvT50P9rhZ0SaY7FVH1J6TYUKh7dN4IDv2jOUPghtGKkBh36bwQmfOSjmuwxm2w
SGx7eCKGoRx1M3JrkZKzwepl5VZtDhiERI9e3v1uz0tYsdBaBNzobkfu+am1PiD4
oMh1ic7OazieqCcfNYJyi5pBAIXq1oc71YyVzlNVlndmHAgu13o6eymijwb8EQqg
x1YcDG9RYCay4gJ5tzURahwpBRAz85znQDjjD20GA/Ocdgez5qDgLCeVScy/1+RG
xnPiNzPyEOjR73yDtIWPfgoHKtsuH+WjHuCVIs1BSQ==
=CxOe
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list