another question, and a small patch

Werner Koch
Tue, 13 Jun 2000 11:07:21 +0200


On Mon, 12 Jun 2000, Vladimir Vukicevic wrote:

> Okay, I got my issues worked out -- now, it's mainly speed. My code
> basically does this.. reads 128-byte blocks from an input file, does a
> gcry_mpi_scan on the blocks, then makes a SEXP from that MPI, does
> a pk_encrypt(), and then writes the resulting MPI a/b pair to a
> file. (I'm using ElGamal.) The problem is that it's ridiculously slow;
> encoding a simple 6k file takes about 8 seconds, which is completely
You are doing public-key encryption on large data blocks - this is the problem. Nearly all encryption tools don't do this but use a hybrid scheme: You generate a random session key, encrypt this using a public-key algorithm and then you encrypt the bulk data with a symmetric algorithm like Twofish. You have to take care about many other things too - otherwise you don't get real security. If you are looking for a data format for encryption; you should take several things into account: o Is it an synchronous (tcp connection) or asynchronous (store and forward, email) communication channel. o Is it a long term connection or is the connection establish many times (ssh vs. http) o What is the size of the payload o Do you need perfect forward security o ... OpenPGP is a good protocol for asyncronous communication. TLS is good for HTTP like transactions and the SSH v2 protocols are fine for long term connections. If you are going for the SSh protocols; I have a started with a library implementation which handles all the protocol stuff (GSTI - GNU Secure Transport Initiative).
> I also ran into some problems with the sexp implementation.. The
No wonder. I should put the brown bag over my head. Thanks for the patches, I'll take them into account. BTW, I started writing some example code for libgcrypt. Werner -- Werner Koch OpenPGP key 621CC013 OpenIT GmbH tel +49 211 239577-0 Birkenstr. 12 email D-40233 Duesseldorf