Symmetric Encryption Requirement

David Shaw dshaw at
Fri Dec 19 11:00:25 CET 2003

On Fri, Dec 19, 2003 at 10:53:22AM -0500, Mark Jacobs wrote:
Content-Description: signed data
> On Friday 19 December 2003 10:41 am, David Shaw wrote:
> <snip>
> > You can get the key with --show-session-key and write it to a file
> > however you like, but it is unlikely you will be able to decrypt the
> > data without doing some work, as OpenPGP programs use a special
> > "OpenPGP cipher feedback mode" which may not be supported by your
> > generic 3DES implementation.
> Is this special mode described anywhere other than the source code?


> Is there a way to request generic 3DES?

You can modify the GnuPG code.  See cipher/cipher.c and cipher/des.c.
The code is capable of doing regular CFB, but obviously that piece of
the code doesn't get used too often since it isn't used in PGP.

> > Why not just run GnuPG on the mainframe?
> >
> The mainframe process that we are looking for is by the nature of the
> mainframe a batch process without human interaction, i.e. hard for the
> mainframe to enter a passphrase when prompted by GNUPG.

GnuPG can decrypt in batch processes - it can take the passphrase via
stdin and never prompt the user.

> Also GNUPG has not been ported to run in the mainframe UNIX or
> native environment.

The major difficulty in porting GnuPG to odd platforms is the need for
a random number source.  Since you are only decrypting on the
mainframe, no true randomness is needed for that.  This should make
porting substantially easier.  What happens when you do ./configure on
GnuPG on the mainframe?


More information about the Gnupg-users mailing list