On Dec 19, 10:53 pm, Atif <[email protected]> wrote:
> Interesting.  So it may be the case that when the keys are generated by
> GnuPG we may not be able to use them to decrypt the session key with
> crypto++ because of the bad prime issue.
You can use them, but you likely cannot validate them. Use them at
your own peril. Personally, I would reject them and stop processing.

I did not analyze the use cases too much, so take this with a grain of
salt... If you have a secret, *do not* apply your secret to their key
(since their key is not validated). If someone else has applied their
secret to their key, you may be able to use the result. But in the
case of a bad key, I would think the data could have been tampered with. So
make sure there are authenticity assurances (i.e., a signature) on the
encrypted data. Obviously, if it's an ElGamal signature over the
encrypted data based on a Lim-Lee prime, then you are back to your
original problem.

According to Werner Koch, secring.pgp up to version 1.4.1 used to
include the unique factorization. But it was removed some 7 years ago.

> However if we use crypto++ to
> generate the keys, would we expect GnuPG to be able to use them?
It appears GnuPG would happily use them since it looks like it does
not validate its keys. If GnuPG validated its keys, it would fail for
those keys based on Lim-Lee primes.

That's probably the best course of action: generate your keys with
Crypto++, and then import them into GnuPG for use. Anything that comes
out of GnuPG can then be validated, including the original Crypto++
key.

> At the end of the day what I'm trying to do is generate an OpenPGP
> encrypted package using crypto++.  From the looks of things I'll have to
> implement OpenPGP's variant of CFB and get their binary format right, but
> all the tools exist in crypto++ to generate something compatible?
I did not look into this problem. It's probably just CFB with a
different feedback size (Crypto++ uses the cipher's block size by
default, IIRC). I've seen similar interop issues with, for example,
mcrypt.

If it's just feedback size, then the necessary steps are examined here:
http://www.codeproject.com/Articles/21877/Applied-Crypto-Block-Ciphers.
It needs to be moved to the Crypto++ wiki. It's been on my TODO list
for years :(

Jeff

-- 
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
To unsubscribe, send an email to [email protected].
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.
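
The validation problem discussed in the message above, as an added Python sketch (not code from this thread, Crypto++ or GnuPG): a validator that sees only p rejects a Lim-Lee prime, while one that is also given the factorization of p-1 can accept it. It assumes validation means a safe-prime check, uses a simplified Lim-Lee construction with equal-size factors and constructed toy sizes, and all function names are hypothetical.

```python
import math
import random

def is_probable_prime(n, rng, rounds=32):  # Miller-Rabin
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # this base proves n composite
    return True

def random_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c, rng):
            return c

def lim_lee_prime(qbits, nfactors, rng):  # simplified: p = 2*q1*...*qn + 1
    while True:
        factors = [random_prime(qbits, rng) for _ in range(nfactors)]
        p = 2 * math.prod(factors) + 1
        if is_probable_prime(p, rng):
            return p, factors

def validate_from_p_alone(p, rng):  # assumed rule: p and (p-1)/2 both prime
    return is_probable_prime(p, rng) and is_probable_prime((p - 1) // 2, rng)

def validate_with_factors(p, g, factors, rng):
    # Needs the factorization of p-1; g's order must contain every qi.
    ok = p == 2 * math.prod(factors) + 1 and 1 < g < p - 1
    ok = ok and all(is_probable_prime(n, rng) for n in [p, *factors])
    return ok and all(pow(g, (p - 1) // q, p) != 1 for q in factors)

def demo(seed=2012):
    rng = random.Random(seed)  # constructed toy sizes, far below real key sizes
    safe_p, _ = lim_lee_prime(64, 1, rng)  # one factor gives a safe prime
    ll_p, qs = lim_lee_prime(32, 4, rng)
    return (validate_from_p_alone(safe_p, rng), validate_from_p_alone(ll_p, rng),
            validate_with_factors(ll_p, 2, qs, rng))
```

`demo()` returns, in order, the p-only check on a safe prime, the p-only check on a Lim-Lee prime, and the check on the same Lim-Lee prime when its factors are supplied.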
