2008/6/24 Shachar Shemesh <shachar@shemesh.biz>:

Hi all,

Version 1.11 of your favorite rsync friendly encryption program (it is,

isn't it?) has just been released. Many many many new stuff, addressing

almost all of the open issues recently raised.

Compilation should now just work for cygwin, and as far as I can tell,

for Mac OS X (not sure about that, though). I can't tell if the run time

problem has been resolved or not, as it does not happen on my systems.

Error messages have been greatly improved. If a file cannot be opened,

rsyncrypto will report which file that was. Also, in case of an error,

only the errored file will be aborted, and rsyncrypto will continue its

operation. It will print an additional error report at the end of the

entire encryption process.

Also, I have finally fixed the oldest bug of them all. The one that

tripped Frederico. If an attempt is made to decrypt a file with no valid

symmetric key, it will be reported as an error and processing will

continue, rather than issue a segmentation fault.

Please bear in mind that I am not 100% sure that my code for detecting

whether the private key is available is correct. Technical details

further on, but in for those not interested in the details, please check

this with your system, and make sure cold decryption works for you.

As usual, share and enjoy.

Shachar

Technical stuff:

RSA works by taking a modulo based power. So if the message is "m", the

encrypted message C will be M^e mod n. e is a fairly standard number

(typically, either 3 or 2^16+1 = 65537). "n" is the "public key", and is

devised by generating two prime numbers, called "p" and "q", where

n=p*q. "p" and "q" are the private key.

What some people do not know is that you don't actually need p and q in

order to perform a decryption. p and q are not, theoretically, used

directly. Instead, a number, d, is derived from p and q. The decryption

process can be described as M = C^d mod n. This means you need d and n

in order to decrypt, but you don't need p and q.

Typically, p and q are being stored, for no other reason than to save on

processing. In practice, openssl will typically calculate M1 = C^d mod p

and M2 = C^D mod q, and then combine M1 and M2 into M using the Chinese

remainder theorem. For that reason, an OpenSSL private key will,

typically, have p and q, and these are the numbers that I check exist or

not to find out whether I have the private key.

Like I said before, the private key can be used even without p and q. If

that is the case, rsyncrypto may incorrectly deduce that the private key

is not present, and fail the decryption despite all data being

available. This is what I want you all to test for me - that you can

perform cold (i.e. - without the symmetric keys) decryption with your

private key.

Thanks

-------------------------------------------------------------------------

Check out the new SourceForge.net Marketplace.

It's the best place to buy or sell services for

just about anything Open Source.

http://sourceforge.net/services/buy/index.php

_______________________________________________

Rsyncrypto-devel mailing list

Rsyncrypto-devel@lists.sourceforge.net

https://lists.sourceforge.net/lists/listinfo/rsyncrypto-devel