another question, and a small patch

Vladimir Vukicevic
Tue, 13 Jun 2000 10:43:45 -0400

Hi.. thanks for the quick response :-)

Werner Koch wrote:

> You are doing public-key encryption on large data blocks - this is the
> problem. Nearly all encryption tools don't do this but use a hybrid
> scheme: You generate a random session key, encrypt this using a
> public-key algorithm and then you encrypt the bulk data with a
> symmetric algorithm like Twofish. You have to take care about many
> other things too - otherwise you don't get real security.
Yeah, I realized my idiocy right around 2am.. everything is MUCH faster now, but I'm running into a weird bug where gcry_pk_decrypt() crashes UNLESS I do a gcry_sexp_dump(key); right before it. If the key doesn't get printed, decrypt crashes. If it gets printed, everything works fine. Bizzare.
> If you are looking for a data format for encryption; you should
> take several things into account:
> o Is it an synchronous (tcp connection) or asynchronous (store and
> forward, email) communication channel.
> o Is it a long term connection or is the connection establish
> many times (ssh vs. http)
> o What is the size of the payload
> o Do you need perfect forward security
> o ...
> OpenPGP is a good protocol for asyncronous communication. TLS is
> good for HTTP like transactions and the SSH v2 protocols are fine for
> long term connections. If you are going for the SSh protocols; I have
> a started with a library implementation which handles all the protocol
> stuff (GSTI - GNU Secure Transport Initiative).
Well, it's running directly over HTTP -- but we need public key support; also, there is unfortunately no TLS/SSL library that is fully GPL'd, something that is important to us as our resulting application is to be released under the GPL.
> > I also ran into some problems with the sexp implementation.. The
> No wonder. I should put the brown bag over my head. Thanks for the
> patches, I'll take them into account.
> BTW, I started writing some example code for libgcrypt.
Cool.. that'll be nice. I'm a little unclear as to the different versions of GnuPG -- what is the planned release date for the one that includes libgcrypt? - Vlad