How to decrypt multiple blocks in one text file

Neil Williams linux at codehelp.co.uk
Sat Oct 18 00:41:33 CEST 2003


On Friday 17 Oct 2003 8:33 pm, Hanno Mueller wrote:
> Neil Williams schrieb:
> > can't protect data on the server once the server itself is compromised
> > without encrypting all sensitive data, not just the identification
> > strings for authentication.
>
> I'm aware of that, but that's not what I am about to do. I am not trying
> to encrypt username/password combos, but payment order information.

And as you describe, all sensitive data is being encrypted, OK.

> We transfer the collected payment data to a second computer, decrypt it

Clearly you must retain the context of the data (each dataset distinct from 
all others with no overlaps or mixing) so I tried experimenting with ASCII vs 
binary outputs, various line separations/append operations with the same 
errors. I've also tried encapsulating multiple encryption blocks in a single 
email and only when it was MIME encoded could all blocks be decrypted.

The solution was to encompass the entire group in one single encryption block 
- in effect re-encrypt the encrypted data. I can't demonstrate it to you as 
you snipped some vital content from the first message and didn't sign it - so 
I don't have access to a usable public key for you to decrypt.

Note: Sending using the inline PGP function within KMail (which does not use 
MIME) does not allow decryption of the included blocks despite the 
overlapping encryption of the group. Only sending via S/MIME allows 
decryption of all blocks.

This is sample output from an S/MIME test message to myself using KMail and 
the OpenPGP plugin to create the MIME boundaries.

Encrypted message
Encrypted message
test2   person2  account2 amount2  item2
End of encrypted message
Encrypted message
test1   person  account amount  item
End of encrypted message
End of encrypted message

So it's MIME or some form of scripting to split the file on a known marker - 
the same principle for each.

I know that's not what you wanted to hear, but there it is.

S/MIME is no easier to implement in your situation than a perl script but at 
least it does still retain one file. Perl could split the file on the key 
block markers, output one complete block to the GnuPG::Interface module in 
sequence and build the decrypted file block by block. Either way, there's a 
reasonable amount of work involved in building the script and handling 
errors. ASCII armoured key blocks lend themselves to regular expressions but 
you might want to avoid using join() to make the block into a single line 
expression because of line end problems on decryption. Test for the begin 
block, check each line following for end block and output to GnuPG::Interface 
as one unit block.

I suspect that this is exactly how S/MIME decrypts the sample message - 
isolate each block using MIME boundaries and build the whole from the 
component blocks.


-- 

Neil Williams
=============
http://www.codehelp.co.uk/
http://www.dclug.org.uk/
http://www.isbn.org.uk/
http://sourceforge.net/projects/isbnsearch/

http://www.biglumber.com/x/web?qs=0x8801094A28BCB3E3
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : /pipermail/attachments/20031017/4b83cf4a/attachment.bin


More information about the Gnupg-users mailing list