Mismatch between binary and ASCII-armored output for encrypted message
Chris Sutton
lists at chrissutton.org
Wed Sep 30 15:53:04 CEST 2009
Hi Daniel,

Thanks for your reply, that does make perfect sense. In theory I do
understand how PGP works, but this is the first time I've gotten my
hands dirty so things are still clicking into place!

The actual problem I was debugging is why the binary output decrypts
okay in another crypto library, but my base64-decoded version of the
ASCII-armored output does not. I over-simplified my test case by
expecting the two to be identical!

I've now tracked this down as a problem with compression/decompression
which I was able to fix.

Thanks again,
Chris

Daniel Kahn Gillmor wrote:
> On 09/30/2009 05:27 AM, Chris Sutton wrote:
>> It appears as if GPG is putting slightly different binary data into the
>> ASCII-armored version as into the direct binary output. Is this possible?
>
> OpenPGP encryption is a hybrid model:
>
> first, a random session key is generated.
>
> then the random session key is used with a reasonable stream cipher
> (3DES, AES, etc) to symmetrically encrypt the data in question.
>
> then the session key is asymmetrically encrypted (once for each
> recipient's key).
>
> The resultant block is the concatenation of the ciphertext and the
> encrypted session keys.
>
>
> Note that the first step involves some randomization (as it should!) --
> this means that each encryption of the same cleartext will yield
> radically different ciphertext.
>
> I suspect this difference is what you're seeing, not any issue with
> base64-encoding.
>
> does this make sense?
>
> --dkg
>