Minimal GnuPG-processable File
David Shaw
dshaw at jabberwocky.com
Fri Sep 3 23:20:57 CEST 2004
On Thu, Sep 02, 2004 at 04:19:27PM -0500, Michael Halcrow wrote:
> I just ran gpg through gdb and watched how it broke up packets, so I
> think I understand the process and file format well enough at this
> point. It looks like the session key is just derived from the
> passphrase. In OpenPGP, is there a way to specify a different session
> key, and have the key itself be encrypted by a key derived from the
> passphrase?
Yes. The tag 3 packet can support both "passphrase mangled to key"
and "passphrase mangled to key that is used to decrypt session key"
functionality. GnuPG can decrypt either form.
> If I have several tag 3 packets encapsulating tag 11 packets
> concatenated together (to support random access), will GnuPG just
> know to use the most recent session key for each of the packets, or
> will it expect a separate tag 3 packet for each tag 11 packet? If I
> use the _CONSOLE filename for each tag 11 packet, will GPG simply
> dump out a concatenation of the contents of each packet (so one can
> do gpg -d file.gpg > file)? Again, I'll figure all this out on my
> own soon enough, but any comments would be helpful.
Unfortunately, you're creating packet arrangements that never occur in
current OpenPGP usage, so you're likely to hit some problems. Check
the grammar in RFC-2440: tag 3(tag 11 + tag 11) isn't currently legal
OpenPGP.
tag 3 (tag 11) + tag 3 (tag 11) is not exactly legal either, but could
be treated as two different messages, each consisting of a 3(11). I
seem to recall that GnuPG doesn't handle that right now, but don't
recall the reason offhand.
David
More information about the Gnupg-devel
mailing list