Re: [GNU Crypto] More keyrings, PBE.

[Casey Marshall]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Raif" == Raif S Naffah <address@hidden> writes:

Raif> On Wed, 8 Oct 2003 08:16 am, Casey Marshall wrote:
>>  I'm not so sure about that. Right now we have defined the bytes 0
>> through 10 to have meaning as the prelude to a specific sequence of
>> data; the presence of a byte 11-255 should be a signal that
>> something is very wrong with the keyring, and since we don't know
>> the form of this unknown packet, we don't know how many bytes to
>> skip.
>> 
>> UNLESS, we define that every packet (except property packets) all
>> have this exact form:
>> 
>> uint8 Packet type. eos Properties (which defines things such as
>> ciphers, MACs, salts, etc.)  eos Packet data.
>> 
>> This does add some small costs in storage size and extra parsing
>> steps, but I like the uniformity it brings to the format.

Raif> i concur.  my vote goes for uniformity :-)

Agreed. I'll be reworking the spec and the implementation to do this.

>> Another possibility is to define one more algorithm ID for every
>> packet that deals with an encoding, e.g.
>> 
>> #define GKR_CIPHER_PRIVATE 255
>> 
>> In which case the actual name of the cipher and mode will be
>> included in the packet's properties.

Raif> and keep the

Raif> #define GKR_CIPHER_AES_128_OFB 0
Raif> #define GKR_CIPHER_AES_128_CBC 1

Raif> types as possible instances of GKR_TYPE_ENCRYPTED?

Raif> or remove the two cipher/mode/padding combo IDs and replace them
Raif> with properties?

Raif> if it's the latter do we really need an additional packet ID?

Using the above modification to the packet described above will make
these unnecessary.

- -- 
Casey Marshall || address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.7 <http://mailcrypt.sourceforge.net/>

iD8DBQE/h8YNgAuWMgRGsWsRAhBNAJsHYCEtu2oFUe7h/igjSz8ZoU9miwCgg57V
jDPDzsXQmD1fOW9GVMwfjcc=
=Q8OD
-----END PGP SIGNATURE-----