Camellia

vedaal at hush.com vedaal at hush.com
Thu Jun 12 23:52:42 CEST 2008


John W. Moore III jmoore3rd at bellsouth.net
wrote on Thu Jun 12 19:38:16 CEST 2008 :

>I may be mis-reading Your question.

yes,
suggestion only, for a workaround,
  
>Upon re-reading I am of the opinion
>that what You desire may already be covered with use of the
>preferred-algo-preference string placed within gpg.conf.

no,
that allows the user to choose which cipher to use for encryption
to begin with

my suggestion is *after* Camellia is enabled in a hacked version 
and unable to be decrypted in the hacked version when the message 
was encrypted using Camellia in a later version

the problem with changing the name of the cipher in a later (open-
pgp approved version) is that when the session key is retrieved 
from the public key encrypted packet, it needs to know what cipher 
it is to be plugged into to decrypt

for the sake of illustration,
let's say that a newer version that may be calling Camellia with 
the identifier of 13,
the older version, which thinks that Camellia is 11, and is using 
13 for yet another cipher,  will not be able to decrypt the message 
from the newer version that used the identifier 13, because it is 
trying to use the session key with the wrong cipher

my workaround suggestion,
was similar to the solution for decryption of messages done with 
the throw-keyid option

Disastry's last version of pgp 2.3i-multi-6,
had two variations of the throw-keyid option:
random keyid,
and 
fake keyid

in both variations, the keyid listed as part of the pgp message,
was NOT the public key that the session key was encrypted to

the gnupg option used to decrypt such messages,
was --try-all-secrets


similarly,
as a workaround suggestion,
if decryption doesn't work because the correct session key has the 
wrong cipher identifier,
it could be still be decrypted by making an option of
--try-all-ciphers
(easier,
because the passphrase doesn't have to be re-entered for each key ;-
) )

again,
NOT a feature request for the gnupg development team :-)
(am quite happy to wait for the 'official' version, whenever that 
may be)


sorry if i didn't write it clearly in my earlier post


vedaal

any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link

--
Click here if you're tired of your job and want to increase your salary.
http://tagline.hushmail.com/fc/Ioyw6h4dBjsaEn26hZilhUk9p4D3LoLePYM31pKYD9uMHRALWomYTl/




More information about the Gnupg-users mailing list