Minimal GnuPG-processable File
uug at halcrow.us
Thu Sep 9 15:14:36 CEST 2004
On Mon, Sep 06, 2004 at 10:26:47AM +0200, Werner Koch wrote:
> On Fri, 3 Sep 2004 17:20:57 -0400, David Shaw said:
> > be treated as two different messages, each consisting of a 3(11).
> > I seem to recall that GnuPG doesn't handle that right now, but
> > don't recall the reason offhand.
> That's due to an old problem with the signature format. We tried to
> figure out where a messages ends but this is not always possible in
> cases where old signatures (sig||data) and new signatures withou
> one-pass-packets (data||sig) are concatenated.
This complicates my attempt to write ``pgpfs''. I need to be able to
seek into the middle of the file and modify a portion without having
to decrypt everything before that point and encrypt everything past
that point; I would like to limit the amount that I have to decrypt
and encrypt to about one page. The performance will leave something
to be desired, but as long as OpenPGP dictates CFB, I have little
choice if I want GnuPG to be able to read the files written by my
Any suggestions on how to approach this? If GnuPG could only support
*reading* data encrypted using CTR mode, this would solve a lot of my
problems. If I were to submit a patch for this, how likely would the
GnuPG maintainers be to accepting it? It would probably involve
adding a new set of extended values for Symmetric Key Algorithm
identifiers. The RFC defines 100 to 110 as ``Private/Experimental''
algorithms; maybe they could be CTR-mode versions of the algorithms?
The primary goal here is for files written by cryptfs to be readable
by a common userspace utility like GnuPG.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040909/268a5082/attachment.bin
More information about the Gnupg-devel