no error returns when a wrong key/iv is used for decrypting
Yves Pagani
ypagani at aps.edu.pl
Fri Feb 18 09:55:36 CET 2011
On Thu, Feb 17, 2011 at 06:28:11PM +0100, Werner Koch wrote:
> On Thu, 17 Feb 2011 15:03, nmav at gnutls.org said:
>
> > decrypted (you have to define wrong). What you want is to add an
> > authentication layer to that. I.e. add an HMAC to your encrypted data.
>
> Or do a plaintext detection to see whether you got the right key.
> OpenPGP uses such a feature without introducing the HMAC overhead. The
> advantage of such a detection feature is that you can check the key
> right after decrypting a few blocks and not only after having decrypted
> a few gigs of ciphertext. Anyway, it is all a matter of the protocol
> and not of the crypto building blocks.
Hi Nikos, Hi Werner,
Thanks for your quick answers.
I, indeed, though that checking the error code of the cipher_decrypt will allow me to warn the user (me in my case :) ) if a wrong key is given (like gpg does when a wrong passphrase is entered).
Now, with your explanations I have a clearer understanding how to do it properly/working.
By the way, many thanks to all the developpers who done this great library and other related tools (gnutls, gnupg and so on).
Have a nice day.
Best regards,
Yves Pagani
--
Darth Vader sleeps with a Teddywookie.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: </pipermail/attachments/20110218/25cce89b/attachment.pgp>
More information about the Gcrypt-devel
mailing list