Mismatch between binary and ASCII-armored output for encrypted message

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Sep 30 15:38:00 CEST 2009


On 09/30/2009 05:27 AM, Chris Sutton wrote:
> It appears as if GPG is putting slightly different binary data into the
> ASCII-armored version as into the direct binary output. Is this possible?

OpenPGP encryption is a hybrid model:

 first, a random session key is generated.

 then the random session key is used with a reasonable stream cipher
(3DES, AES, etc) to symmetrically encrypt the data in question.

 then the session key is asymmetrically encrypted (once for each
recipient's key).

The resultant block is the concatenation of the ciphertext and the
encrypted session keys.


Note that the first step involves some randomization (as it should!) --
this means that each encryption of the same cleartext will yield
radically different ciphertext.

I suspect this difference is what you're seeing, not any issue with
base64-encoding.

Does this make sense?

	--dkg
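
Added example (not part of the original message, and not GnuPG's code): a minimal Python version of the ASCII-armor layer from RFC 4880, section 6. It shows that armoring is a deterministic, lossless encoding, so a binary file and an armored file only match after dearmoring if both came from the same encryption run. The function names and the random bytes standing in for gpg output are assumptions made for illustration.

```python
import base64
import os

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """CRC-24 checksum used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(binary: bytes) -> str:
    """Wrap binary OpenPGP data in ASCII armor; no randomness is involved."""
    b64 = base64.b64encode(binary).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "", *lines,
                      "=" + check, "-----END PGP MESSAGE-----", ""])

def dearmor(text: str) -> bytes:
    """Recover the binary data from an armored block, verifying the CRC-24."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not (lines[0].startswith("-----BEGIN PGP")
                              and lines[-1].startswith("-----END PGP")):
        raise ValueError("not an ASCII-armored OpenPGP block")
    body = lines[lines.index("") + 1:-1]  # armor headers end at the first blank line
    check = body.pop()[1:] if body and body[-1].startswith("=") else None
    binary = base64.b64decode("".join(body), validate=True)
    if check is not None and base64.b64decode(check) != crc24(binary).to_bytes(3, "big"):
        raise ValueError("CRC-24 mismatch: armored data is corrupted")
    return binary

def same_openpgp_data(binary: bytes, armored: str) -> bool:
    """True when the armored text carries exactly the given binary bytes."""
    return dearmor(armored) == binary

if __name__ == "__main__":
    # Constructed stand-ins for two separate gpg runs over the same cleartext:
    # each run draws a fresh session key, so the binary output differs per run.
    run_a, run_b = os.urandom(300), os.urandom(300)
    print(same_openpgp_data(run_a, armor(run_a)))  # same run, armored afterwards
    print(same_openpgp_data(run_a, armor(run_b)))  # binary and armor from different runs
```

With real files, the same comparison is made by running `gpg --dearmor` on the armored output and comparing the result byte for byte with the binary output.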
