Bug in GnuPG

Kurt Fitzner kfitzner at excelcia.org
Wed Jan 11 13:01:49 CET 2006


It seems to me that the loop nesting just needs to be reversed.

It seems like the way GnuPG works is that it has a list of session keys,
and a list of private keys.  It then iterates through the list of
session keys and tries to see if any private key matches.  This makes it
so that if the session key is anonymous, it has to ask for each private
key passphrase in turn, and do this for each and every session key.

If the logic were reversed, this would be avoided.  Iterate through the
private keys first, then test each private key to see if it will decrypt
a session key.  The passphrase is asked for once for each private key
instead of for each session key times the number of private keys.

i.e., right now, it works this way:
   for (int s = 0; s < NumSessionKeys; s++) {
     for (int k = 0; k < NumPrivateKeys; k++) {
       /* passphrase is requested inside the inner loop */
       char *PassPhrase = GetPassphrase(PrivateKeyList[k]);
       if (DecryptSessionKey(SessionKeyList[s], PassPhrase)) {
         /* decrypt message here */
       }
     }
   }

Perhaps it would be better like this:
   for (int k = 0; k < NumPrivateKeys; k++) {
     /* passphrase is requested once per private key */
     char *PassPhrase = GetPassphrase(PrivateKeyList[k]);
     for (int s = 0; s < NumSessionKeys; s++) {
       if (DecryptSessionKey(SessionKeyList[s], PassPhrase)) {
         /* decrypt message here */
       }
     }
   }

That's a terrible simplification, but it seems to me like the logic
works better this way.

	Kurt.
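
Added example, not part of the original post and not GnuPG code: a toy C model of the two loop orders described above that counts passphrase prompts for a message with anonymous session-key packets. The key counts, the `session_key_owner` table and the helper functions are constructed stand-ins, and stopping at the first successful decryption is an assumption.

```c
#include <stdio.h>

#define NUM_SESSION_KEYS 3
#define NUM_PRIVATE_KEYS 4

/* Constructed sample: session_key_owner[s] is the index of the private key
 * that session-key packet s was encrypted to, or -1 if it is not one of ours.
 * The recipient is anonymous, so the decryptor cannot read this table; it
 * only learns the answer by trial decryption. */
static const int session_key_owner[NUM_SESSION_KEYS] = { -1, -1, 3 };

static int prompts; /* passphrase prompts shown to the user */

/* Hypothetical stand-in for the passphrase prompt: "unlocks" private key k. */
static int get_passphrase(int k) { prompts++; return k; }

/* Hypothetical trial decryption: succeeds only with the matching key. */
static int decrypt_session_key(int s, int unlocked_key)
{
    return session_key_owner[s] == unlocked_key;
}

/* Order described as current: session keys outer, private keys inner. */
int prompts_session_major(void)
{
    prompts = 0;
    for (int s = 0; s < NUM_SESSION_KEYS; s++)
        for (int k = 0; k < NUM_PRIVATE_KEYS; k++)
            if (decrypt_session_key(s, get_passphrase(k)))
                return prompts; /* assumed: stop at first success */
    return prompts;
}

/* Proposed order: private keys outer, one prompt per private key. */
int prompts_key_major(void)
{
    prompts = 0;
    for (int k = 0; k < NUM_PRIVATE_KEYS; k++) {
        int unlocked_key = get_passphrase(k);
        for (int s = 0; s < NUM_SESSION_KEYS; s++)
            if (decrypt_session_key(s, unlocked_key))
                return prompts; /* assumed: stop at first success */
    }
    return prompts;
}

int main(void)
{
    printf("session-major: %d prompts\n", prompts_session_major());
    printf("key-major:     %d prompts\n", prompts_key_major());
    return 0;
}
```

With the matching packet last and the matching key last, the session-major order prompts once per pair, while the key-major order is bounded by the number of private keys.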




More information about the Gnupg-users mailing list