another question, and a small patch

Vladimir Vukicevic vladimir@helixcode.com
Tue, 13 Jun 2000 10:43:45 -0400 

Hi.. thanks for the quick response :-)

Werner Koch wrote:

> You are doing public-key encryption on large data blocks - this is the

> problem.  Nearly all encryption tools don't do this but use a hybrid

> scheme:  You generate a random session key, encrypt this using a

> public-key algorithm and then you encrypt the bulk data with a

> symmetric algorithm like Twofish.  You have to take care about many

> other things too - otherwise you don't get real security.


Yeah, I realized my idiocy right around 2am.. everything is MUCH faster
now,
but I'm running into a weird bug where gcry_pk_decrypt() crashes UNLESS
I do
a gcry_sexp_dump(key); right before it. If the key doesn't get printed,
decrypt crashes. If it gets printed, everything works fine. Bizzare.


> If you are looking for a data format for encryption; you should

> take several things into account:

> 

>   o Is it an synchronous (tcp connection) or asynchronous (store and

>     forward, email) communication channel.

>   o Is it a long term connection or is the connection establish

>     many times (ssh vs. http)

>   o What is the size of the payload

>   o Do you need perfect forward security

>   o ...

> 

> OpenPGP is a good protocol for asyncronous communication.  TLS is

> good for HTTP like transactions and the SSH v2 protocols are fine for

> long term connections.  If you are going for the SSh protocols; I have

> a started with a library implementation which handles all the protocol

> stuff (GSTI - GNU Secure Transport Initiative).


Well, it's running directly over HTTP -- but we need public key support;
also, there is unfortunately no TLS/SSL library that is fully GPL'd,
something that is important
to us as our resulting application is to be released under the GPL.


> > I also ran into some problems with the sexp implementation.. The

> 

> No wonder.  I should put the brown bag over my head.  Thanks for the

> patches, I'll take them into account.

> 

> BTW, I started writing some example code for libgcrypt.


Cool.. that'll be nice.

I'm a little unclear as to the different versions of GnuPG -- what is
the planned release date for the one that includes libgcrypt?

	- Vlad