gcry_cipher_decrypt usage
Joe the Shmoe
news at edrusb.is-a-geek.org
Thu Apr 7 22:14:58 CEST 2011
Werner Koch a écrit :
> On Thu, 7 Apr 2011 10:55, news at edrusb.is-a-geek.org said:
>
>> Cipher used is blowfish. In this buggy situation, gcry_cipher_decrypt()
>
> What cipher mode (CBC, CFB, CTR, ...) and depending on that what kind of
> padding to you use. How do you call gcry_cipher_open?
gcry_cipher_hd_t clef;
err = gcry_cipher_open(&clef,
algo_id, // equal to GCRY_CIPHER_BLOWFISH
GCRY_CIPHER_MODE_CBC,
GCRY_CIPHER_SECURE);
etc...
>
>> The fact that clear data is located after the ciphered data is not
>
> Sure it can't know that and will happlity decrypt this.
OK, I better see the picture now, and understand my mistake.
> gcry_cipher_decrypt can's distinguish between cleartext and ciphertext.
> The upper layer (i.e. the protocol) must define how this can be done.
Yep, I must review this upper layer in Disk ARchive, to handle the
particular and rare situation in which this condition occur and thus
avoid having clear text after ciphered one being passed to
gcry_cipher_decrypt().
>
>> time, gcry_cipher_decrypt() returns an error as expected, because the
>
> gcry_cipher_decrypt can't return an error except for cases where you you
> pass an invalid data length (e.g. not a multiple of the blocklength).
>
> Shalom-Salam,
>
> Werner
>
Werner, Thank you for your clear explanations. And also, at this
occasion, thank you for GnuPG. ;-)
Best Regards,
Denis Corbin.
More information about the Gcrypt-devel
mailing list