Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#1 PGP2.x keys require --with-filesize to read messages

open
Brian Warner
None
5
2000-10-30
2000-10-30
Brian Warner
No

Discussion

  • Brian Warner
    Brian Warner
    2000-10-30

    None

     
    Attachments
  • Brian Warner
    Brian Warner
    2000-10-30

    Thanks to Michael Hanke for the following patch. Mailcrypt normally pipes the
    plaintext into GPG, which means that GPG has no way of knowing the length of
    the plaintext until encryption has finished. Thus it emits an encrypted packet
    that indicates "unknown length". PGP2.x cannot handle this kind of length: it
    requires that the length be known before decryption starts. To work around
    this, GPG 1.0.2 and later offers the --set-filename and --set-filesize
    options. This patch measures the size of the plaintext and uses these options
    to make sure the resulting message can be decrypted by PGP2.x users (assuming
    the message was encrypted to their RSA key, of course).

    I'm working on integrating this into mailcrypt. My main concern is how to
    gracefully handle earlier verisions of GPG that will choke on the new options.
    But in the meantime, if you encrypt messages to PGP2.x users, use this patch.

     
  • Brian Warner
    Brian Warner
    2000-10-30

    Thanks to Michael Hanke for the following patch. Mailcrypt normally pipes the plaintext into GPG, which means that GPG has no way of knowing the length of the plaintext until encryption has finished. Thus it emits an encrypted packet that indicates "unknown length". PGP2.x cannot handle this kind of length: it requires that the length be known before decryption starts. To work around this, GPG 1.0.2 and later offers the --set-filename and --set-filesize options. This patch measures the size of the plaintext and uses these options to make sure the resulting message can be decrypted by PGP2.x users (assuming the message was encrypted to their RSA key, of course).

    I'm working on integrating this into mailcrypt. My main concern is how to gracefully handle earlier verisions of GPG that will choke on the new options. But in the meantime, if you encrypt messages to PGP2.x users, use this patch.

     
  • Brian Warner
    Brian Warner
    2000-10-30

    • assigned_to: nobody --> warner
    • summary: PGP2.x keys requires --with-filesize to read messages --> PGP2.x keys require --with-filesize to read messages
     
  • Logged In: YES
    user_id=56602

    I did a similar patch. Note that you have to count the input
    properly or the signature does not verify.
    And, you can *NOT* sign and encrypt in one step.
    My recommendation is to make a new backend called
    "pgp2-compat-gpg" and pick this backend for certain
    recipients. Maybe the recipients can be marked in the
    keyring somehow.