[mike@halcrow.us: gnupgfs]

Michael Halcrow mike at halcrow.us
Mon Aug 30 19:19:20 CEST 2004

On Mon, Aug 30, 2004 at 01:04:11PM +0200, Werner Koch wrote:
> > all 0's, with random text prepended to substitute)?  How does it
> > handle the very last block of plaintext, if the size of that block is
> > less than the cipher block size?
> It does not need to.  A CFB stream may end at any byte without taking
> the block length in account.  

So I assume that this is done by simply x'oring the first n bytes of
the last block of plaintext with the first n bytes of the last FRE?

> > And things will go a lot faster if I can just use CBC for now, so
> > please tell me GnuPG can handle that.  :-)
> Well, you can define your private extensions to OpenPGP (e.g. a CBC
> variant) but an OpenPGP application may or may not be able to handle
> it.  Certainly we could add this extension to GnupG if it really makes
> sense.  OTOH, it ould be far easier to add a CFB mode to Linux.

It actually involves some footwork, since the kernel crypto API
currently only supports data that is a multiple of the block size.  I
am currently in the process of altering that behavior.

                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D  2371 2D3C FDDA 3EB6 601D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040830/465afc31/attachment.bin

More information about the Gnupg-devel mailing list