Minimal GnuPG-processable File

David Shaw dshaw at
Fri Sep 3 23:20:57 CEST 2004

On Thu, Sep 02, 2004 at 04:19:27PM -0500, Michael Halcrow wrote:
> I just ran gpg through gdb and watched how it broke up packets, so I
> think I understand the process and file format well enough at this
> point.  It looks like the session key is just derived from the
> passphrase.  In OpenPGP, is there a way to specify a different session
> key, and have the key itself be encrypted by a key derived from the
> passphrase?

Yes.  The tag 3 packet can support both "passphrase mangled to key"
and "passphrase mangled to key that is used to decrypt session key"
functionality.  GnuPG can decrypt either form.

> If I have several tag 3 packets encapsulating tag 11 packets
> concatenated together (to support random access), will GnuPG just
> know to use the most recent session key for each of the packets, or
> will it expect a separate tag 3 packet for each tag 11 packet?  If I
> use the _CONSOLE filename for each tag 11 packet, will GPG simply
> dump out a concatenation of the contents of each packet (so one can
> do gpg -d file.gpg > file)?  Again, I'll figure all this out on my
> own soon enough, but any comments would be helpful.

Unfortunately, you're creating packet arrangements that never occur in
current OpenPGP usage, so you're likely to hit some problems.  Check
the grammar in RFC-2440: tag 3(tag 11 + tag 11) isn't currently legal

tag 3 (tag 11) + tag 3 (tag 11) is not exactly legal either, but could
be treated as two different messages, each consisting of a 3(11).  I
seem to recall that GnuPG doesn't handle that right now, but don't
recall the reason offhand.


More information about the Gnupg-devel mailing list