From wk at gnupg.org Wed Nov 5 14:23:49 2025
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Nov 2025 14:23:49 +0100
Subject: Minor edits to the specification
Message-ID: <87h5v8395m.fsf@jacob.g10code.de>

Hi!

I did some minor edits to the specification to clarify things:

1. PQC encryption
   (commit 229f5498f99496a0bddd858c8460f0a597f71187)

Add RFC9794 to mention the new term (already in the latest draft).

-public-key encryption based on ECC-KEM and ML-KEM. +public-key encryption based on ECC-KEM and ML-KEM. According to +[](#RFC9794) this is also known as a PQ/T hybrid Key Encapsulation +Mechanism.

2. MDC generation
   (commit 18a2c0971c9e380d9a2fa55e7f39a3253a84518b)

According to very old and also newer comments, it was not entirely clear what to hash for the MDC. Thus this change:

The plaintext of the data to be encrypted is passed through the SHA-1 hash function, and the result of the hash is appended to the plaintext -in a Modification Detection Code packet. The input to the hash -function includes the prefix data described above; it includes all of -the plaintext, and then also includes two octets of values 0xD3, -0x14. These represent the encoding of a Modification Detection Code -packet tag and length field of 20 octets. +in a Modification Detection Code packet. The exact input to the hash +function is in this order: the prefix data as described above (the +size is the cipher block size plus two octets), all of the plaintext, +and finally two octets of values 0xD3, 0x14. The latter two octets +represent the encoding of a Modification Detection Code packet tag and +length field of 20 octets.

Hopefully this makes it a bit more clear. I avoided pointing out that the random prefix is similar to a MAC key; this should be obvious.

3. Explain the origin of the SEIPD
   (commit 04d406af5923256af8e17db86dec9d2e3b457e77)

Using the term "new feature" does not seem to be useful anymore.
Thus:

The Symmetrically Encrypted Integrity Protected Data packet is a -variant of the Symmetrically Encrypted Data packet. It is a new -feature created for LibrePGP that addresses the problem of detecting a -modification to encrypted data. It is used in combination with a -Modification Detection Code packet. +variant of the Symmetrically Encrypted Data packet. This feature +addresses the problem of detecting a modification to encrypted +data. It is used in combination with a Modification Detection Code +packet. This feature was introduced in the year 2000 by PGP and GnuPG +and later specified by RFC-4880.

4. Reserved packets
   (commit 646c37787c099457bd021f1833463698b0a41770)

Some of us are currently looking into anti-spam measurements and thus are playing with a proposed feature named "Label signature" which is a kind of outer signature around an encrypted message. I took the freedom to reserve the packet tag 42 for this as well as two signature classes.

If you have suggestions for further improved but still brief explanations, let us know.

Salam-Shalom,

   Werner

--
The pioneers of a warless world are the youth that refuse military service. - A. Einstein

From paul at nohats.ca Wed Nov 5 15:43:56 2025
From: paul at nohats.ca (Paul Wouters)
Date: Wed, 5 Nov 2025 09:43:56 -0500 (EST)
Subject: Minor edits to the specification
In-Reply-To: <87h5v8395m.fsf@jacob.g10code.de>
References: <87h5v8395m.fsf@jacob.g10code.de>
Message-ID: <34575d5c-9024-ff7c-e264-cb67681e999d@nohats.ca>

On Wed, 5 Nov 2025, Werner Koch via LibrePGP-discuss wrote:

> 4. Reserved packets
> (commit 646c37787c099457bd021f1833463698b0a41770)
>
> Some of us are currently looking into anti-spam measurements and thus
> are playing with a proposed feature named "Label signature" which is
> a kind of outer signature around an encrypted message. I took the
> freedom to reserve the packet tag 42 for this as well as two
> signature classes.

It would be better to not squat a code point from IANA, and instead pick one from the private range (60-63)

https://www.iana.org/assignments/openpgp/openpgp.xhtml#openpgp-packet-types

Paul

(this message might not make it to the librepgp-discuss list, for reasons unknown to me - feel free to forward)

From andrewg at andrewg.com Wed Nov 5 18:45:34 2025
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Wed, 5 Nov 2025 17:45:34 +0000
Subject: Minor edits to the specification
In-Reply-To: <87h5v8395m.fsf@jacob.g10code.de>
References: <87h5v8395m.fsf@jacob.g10code.de>
Message-ID: <463037bf-d2a5-46a1-915d-dab67a3e95e7@andrewg.com>

Hi, Werner.

On 05/11/2025 13:23, Werner Koch via LibrePGP-discuss wrote:

> Some of us are currently looking into anti-spam measurements and thus
> are playing with a proposed feature named "Label signature" which is
> a kind of outer signature around an encrypted message. I took the
> freedom to reserve the packet tag 42 for this as well as two
> signature classes.

I'm intrigued! What's the use case? Is there any documentation? I'm curious why this would need two separate signature types...
A

From wk at gnupg.org Wed Nov 5 21:36:38 2025
From: wk at gnupg.org (Werner Koch)
Date: Wed, 05 Nov 2025 21:36:38 +0100
Subject: Minor edits to the specification
In-Reply-To: <463037bf-d2a5-46a1-915d-dab67a3e95e7@andrewg.com> (Andrew Gallagher via LibrePGP-discuss's message of "Wed, 5 Nov 2025 17:45:34 +0000")
References: <87h5v8395m.fsf@jacob.g10code.de> <463037bf-d2a5-46a1-915d-dab67a3e95e7@andrewg.com>
Message-ID: <87sees1ajt.fsf@jacob.g10code.de>

On Wed, 5 Nov 2025 17:45, Andrew Gallagher said:

> I'm intrigued! What's the use case? Is there any documentation? I'm
> curious why this would need two separate signature types...

Still under internal discussion. Two signature classes for encrypted and for signed only data. Signed-only data and labels are complicated. Labels may also be used for data classifications.

Salam-Shalom,

   Werner

From andrewg at andrewg.com Thu Nov 6 11:42:25 2025
From: andrewg at andrewg.com (Andrew Gallagher)
Date: Thu, 6 Nov 2025 10:42:25 +0000
Subject: Minor edits to the specification
In-Reply-To: <87sees1ajt.fsf@jacob.g10code.de>
References: <87h5v8395m.fsf@jacob.g10code.de> <463037bf-d2a5-46a1-915d-dab67a3e95e7@andrewg.com> <87sees1ajt.fsf@jacob.g10code.de>
Message-ID:

Hi, Werner.

On 05/11/2025 20:36, Werner Koch wrote:

> On Wed, 5 Nov 2025 17:45, Andrew Gallagher said:
>
>> I'm intrigued! What's the use case? Is there any documentation? I'm
>> curious why this would need two separate signature types...
>
> Still under internal discussion. Two signature classes for encrypted
> and for signed only data. Signed-only data and labels are complicated.
> Labels may also be used for data classifications.
It might be premature to reserve code points for something that doesn't even have a design brief, let alone a draft spec...

A

From wk at gnupg.org Thu Nov 6 17:07:23 2025
From: wk at gnupg.org (Werner Koch)
Date: Thu, 06 Nov 2025 17:07:23 +0100
Subject: Minor edits to the specification
In-Reply-To: (Andrew Gallagher via LibrePGP-discuss's message of "Thu, 6 Nov 2025 10:42:25 +0000")
References: <87h5v8395m.fsf@jacob.g10code.de> <463037bf-d2a5-46a1-915d-dab67a3e95e7@andrewg.com> <87sees1ajt.fsf@jacob.g10code.de>
Message-ID: <874ir716x0.fsf@jacob.g10code.de>

On Thu, 6 Nov 2025 10:42, Andrew Gallagher said:

> It might be premature to reserve code points for something that
> doesn't even have a design brief, let alone a draft spec...

It is merely as a courtesy to the rfc9530 folks.

Salam-Shalom,

   Werner

From paul at nohats.ca Thu Nov 6 18:01:19 2025
From: paul at nohats.ca (Paul Wouters)
Date: Thu, 6 Nov 2025 12:01:19 -0500
Subject: Minor edits to the specification
In-Reply-To: <874ir716x0.fsf@jacob.g10code.de>
References: <874ir716x0.fsf@jacob.g10code.de>
Message-ID:

An HTML attachment was scrubbed...
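
Review bot: In the PQC encryption hunk (commit 229f5498f99496a0bddd858c8460f0a597f71187), "this" in the added sentence "According to [](#RFC9794) this is also known as a PQ/T hybrid Key Encapsulation Mechanism" has no clear antecedent, because the sentence before it ends on two KEM names. Naming the subject, for example "this combination", would make it plain that the term applies to ECC-KEM and ML-KEM used together rather than to either one alone.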
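
Review bot: In the MDC generation hunk (commit 18a2c0971c9e380d9a2fa55e7f39a3253a84518b), the new ordered list stops at "and finally two octets of values 0xD3, 0x14" and still leaves it to the reader that the hash input ends there, that is, that the 20 octets announced by the length field are the hash output and not part of what is hashed. Since the stated aim of the change is to settle exactly what is hashed, consider closing the sentence with an explicit clause to that effect, so an implementer cannot read "Modification Detection Code packet tag and length field of 20 octets" as covering the packet body as well.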
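
Review bot: In the SEIPD origin hunk (commit 04d406af5923256af8e17db86dec9d2e3b457e77), the last added line cites "RFC-4880" as plain hyphenated text, while the PQC hunk in the same series uses the reference form "[](#RFC9794)". Suggest the same reference form here, provided that document is in the reference list, so both citations render and link alike. The added text also starts two sentences of one short paragraph with "This feature"; the second could become "It was introduced in the year 2000 by PGP and GnuPG" without changing the meaning.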