Another possible private key protection method

Werner Koch wk at
Fri May 27 12:46:42 CEST 2016

On Thu, 26 May 2016 09:11, gniibe at said:

> It's something like the one-time pad system and a variant of Vernam
> cipher.

Although the system sounds plausible, I would not suggest to use any
ad-hoc methods just to ...

> Benefit for Gnuk is that we won't need to have AES implementation.

... avoid an AES implementation.  I can see the reason why you do not
want AES, but in you may also use another established cipher which
requires less code size and can make use of already implemented hash
algorithms.  Given that the keys to protect are small, what about using
the already implemented X25519 in place of a symmetric cipher?



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
    /* EFH in Erkrath: */

More information about the Gnupg-devel mailing list