Minimal GnuPG-processable File

Michael Halcrow uug at halcrow.us
Thu Sep 9 15:14:36 CEST 2004


On Mon, Sep 06, 2004 at 10:26:47AM +0200, Werner Koch wrote:
> On Fri, 3 Sep 2004 17:20:57 -0400, David Shaw said:
> > be treated as two different messages, each consisting of a 3(11).
> > I seem to recall that GnuPG doesn't handle that right now, but
> > don't recall the reason offhand.
>
> That's due to an old problem with the signature format. We tried to
> figure out where a message ends but this is not always possible in
> cases where old signatures (sig||data) and new signatures without
> one-pass-packets (data||sig) are concatenated.

This complicates my attempt to write ``pgpfs''.  I need to be able to
seek into the middle of the file and modify a portion without having
to decrypt everything before that point and encrypt everything past
that point; I would like to limit the amount that I have to decrypt
and encrypt to about one page.  The performance will leave something
to be desired, but as long as OpenPGP dictates CFB, I have little
choice if I want GnuPG to be able to read the files written by my
filesystem.

Any suggestions on how to approach this?  If GnuPG could only support
*reading* data encrypted using CTR mode, this would solve a lot of my
problems.  If I were to submit a patch for this, how likely would the
GnuPG maintainers be to accept it?  It would probably involve
adding a new set of extended values for Symmetric Key Algorithm
identifiers.  The RFC defines 100 to 110 as ``Private/Experimental''
algorithms; maybe they could be CTR-mode versions of the algorithms?

The primary goal here is for files written by cryptfs to be readable
by a common userspace utility like GnuPG.

Thanks,
Mike
.___________________________________________________________________.
                         Michael A. Halcrow                          
       Security Software Engineer, IBM Linux Technology Center       
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D  2371 2D3C FDDA 3EB6 601D
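
The rewrite cost described in the message above, as an added example that is not part of the original post or of GnuPG: it compares which ciphertext blocks change under CFB and under CTR when one plaintext block is modified. Assumptions: plain full-block CFB rather than OpenPGP's exact variant, a truncated HMAC-SHA256 standing in for the block cipher (both modes only use its forward direction), and constructed key, IV and nonce values.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per cipher block

def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for the block cipher's forward direction (assumption, not AES):
    # HMAC-SHA256 truncated to one block. CFB and CTR never call the inverse.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # C[i] = E(C[i-1]) xor P[i], with C[-1] = IV: each block chains on the last.
    out, prev = [], iv
    for p in split(plaintext):
        prev = xor(E(key, prev), p)
        out.append(prev)
    return b"".join(out)

def cfb_decrypt_block(key: bytes, iv: bytes, ciphertext: bytes, i: int) -> bytes:
    """Random-access read: block i needs only C[i-1] (or the IV) and C[i]."""
    blocks = split(ciphertext)
    prev = iv if i == 0 else blocks[i - 1]
    return xor(E(key, prev), blocks[i])

def ctr_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # C[i] = E(nonce || i) xor P[i]; decryption is the same operation.
    return b"".join(xor(E(key, nonce + i.to_bytes(8, "big")), p)
                    for i, p in enumerate(split(data)))

def changed_blocks(old: bytes, new: bytes) -> list:
    return [i for i, (a, b) in enumerate(zip(split(old), split(new))) if a != b]

def rewrite_cost(block_index: int = 2, nblocks: int = 8):
    """Ciphertext blocks that change per mode when one plaintext block changes."""
    key, iv, nonce = b"k" * 16, b"\x00" * BLOCK, b"n" * 8  # constructed values
    old = b"".join(bytes([65 + i]) * BLOCK for i in range(nblocks))
    new = old[:block_index * BLOCK] + b"!" * BLOCK + old[(block_index + 1) * BLOCK:]
    cfb = changed_blocks(cfb_encrypt(key, iv, old), cfb_encrypt(key, iv, new))
    ctr = changed_blocks(ctr_encrypt(key, nonce, old), ctr_encrypt(key, nonce, new))
    return cfb, ctr

if __name__ == "__main__":
    print(rewrite_cost())
```

Overwriting a CTR block in place under the same nonce and counter reuses keystream, so a design that rewrites pages needs a fresh nonce or counter range for each write.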
More information about the Gnupg-devel mailing list