another question, and a small patch
Werner Koch
wk@gnupg.org
Tue, 13 Jun 2000 11:07:21 +0200
Hi,
On Mon, 12 Jun 2000, Vladimir Vukicevic wrote:
> Okay, I got my issues worked out -- now, it's mainly speed. My code
> basically does this.. reads 128-byte blocks from an input file, does a
> gcry_mpi_scan on the blocks, then makes a SEXP from that MPI, does
> a pk_encrypt(), and then writes the resulting MPI a/b pair to a
> file. (I'm using ElGamal.) The problem is that it's ridiculously slow;
> encoding a simple 6k file takes about 8 seconds, which is completely
You are doing public-key encryption on large data blocks - this is the
problem. Nearly all encryption tools don't do this but use a hybrid
scheme: You generate a random session key, encrypt this using a
public-key algorithm and then you encrypt the bulk data with a
symmetric algorithm like Twofish. You have to take care about many
other things too - otherwise you don't get real security.
If you are looking for a data format for encryption; you should
take several things into account:
o Is it an synchronous (tcp connection) or asynchronous (store and
forward, email) communication channel.
o Is it a long term connection or is the connection establish
many times (ssh vs. http)
o What is the size of the payload
o Do you need perfect forward security
o ...
OpenPGP is a good protocol for asyncronous communication. TLS is
good for HTTP like transactions and the SSH v2 protocols are fine for
long term connections. If you are going for the SSh protocols; I have
a started with a library implementation which handles all the protocol
stuff (GSTI - GNU Secure Transport Initiative).
> I also ran into some problems with the sexp implementation.. The
No wonder. I should put the brown bag over my head. Thanks for the
patches, I'll take them into account.
BTW, I started writing some example code for libgcrypt.
Werner
--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@OpenIT.de
D-40233 Duesseldorf http://www.OpenIT.de