Minor edits to the specification

Werner Koch wk at gnupg.org
Wed Nov 5 14:23:49 CET 2025 

Hi!

I did some minor edits to the specification to clarify things:

1. PQC encryption
   (commit 229f5498f99496a0bddd858c8460f0a597f71187)

  Add RFC9794 to mention the new term (already in the latest draft).

  -public-key encryption based on ECC-KEM and ML-KEM.
  +public-key encryption based on ECC-KEM and ML-KEM.  According to
  +[](#RFC9794) this is also known as a PQ/T hybrid Key Encapsulation
  +Mechanism.


2. MDC generation
   (commit 18a2c0971c9e380d9a2fa55e7f39a3253a84518b)

  According to very old and also newer comments, it was not entirely
  clear what to hash for the MDC.  Thus this change:

   The plaintext of the data to be encrypted is passed through the SHA-1
   hash function, and the result of the hash is appended to the plaintext
  -in a Modification Detection Code packet.  The input to the hash
  -function includes the prefix data described above; it includes all of
  -the plaintext, and then also includes two octets of values 0xD3,
  -0x14.  These represent the encoding of a Modification Detection Code
  -packet tag and length field of 20 octets.
  +in a Modification Detection Code packet.  The exact input to the hash
  +function is in this order: the prefix data as described above (the
  +size is the cipher block size plus two octets), all of the plaintext,
  +and finally two octets of values 0xD3, 0x14.  The latter two octets
  +represent the encoding of a Modification Detection Code packet tag and
  +length field of 20 octets.

  Hopefully this makes it a bit more clear.  I avoided to point out that
  the random prefix is similar to a MAC key; this should be obvious.

3. Explain the origin of the SEIPD
   (commit 04d406af5923256af8e17db86dec9d2e3b457e77)
   
   Using the term "new feature" does not seem to be useful anymore.
   Thus:
 
    The Symmetrically Encrypted Integrity Protected Data packet is a
   -variant of the Symmetrically Encrypted Data packet.  It is a new
   -feature created for LibrePGP that addresses the problem of detecting a
   -modification to encrypted data.  It is used in combination with a
   -Modification Detection Code packet.
   +variant of the Symmetrically Encrypted Data packet.  This feature
   +addresses the problem of detecting a modification to encrypted
   +data. It is used in combination with a Modification Detection Code
   +packet.  This feature was introduced in the year 2000 by PGP and GnuPG
   +and later specified by RFC-4880.
   
4. Reserved packets
   (commit 646c37787c099457bd021f1833463698b0a41770)

   Some of us are currently looking into anti-spam measurements and thus
   are playing with a proposed feature named "Label signature" which is
   a kind of outer signature around an encrypted message.  I took the
   freedom to resevere the packet tag 42 for this as well as two
   signature classes.

If you have suggestions for further improved but still brief
explainations, let us known.


Salam-Shalom,

   Werner


-- 
The pioneers of a warless world are the youth that
refuse military service.             - A. Einstein
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 284 bytes
Desc: not available
URL: <https://librepgp.org/pipermail/librepgp-discuss/attachments/20251105/ae1ded1c/attachment.sig>

More information about the LibrePGP-discuss mailing list