Thanks Shachar.

2008/6/24 Shachar Shemesh <>:
Hi all,

Version 1.11 of your favorite rsync friendly encryption program (it is,
isn't it?) has just been released. Many many many new stuff, addressing
almost all of the open issues recently raised.

Compilation should now just work for cygwin, and as far as I can tell,
for Mac OS X (not sure about that, though). I can't tell if the run time
problem has been resolved or not, as it does not happen on my systems.

Error messages have been greatly improved. If a file cannot be opened,
rsyncrypto will report which file that was. Also, in case of an error,
only the errored file will be aborted, and rsyncrypto will continue its
operation. It will print an additional error report at the end of the
entire encryption process.

Also, I have finally fixed the oldest bug of them all. The one that
tripped Frederico. If an attempt is made to decrypt a file with no valid
symmetric key, it will be reported as an error and processing will
continue, rather than issue a segmentation fault.

Please bear in mind that I am not 100% sure that my code for detecting
whether the private key is available is correct. Technical details
further on, but for those not interested in the details, please check
this with your system, and make sure cold decryption works for you.

As usual, share and enjoy.

Technical stuff:
RSA works by taking a modulo based power. So if the message is "M", the
encrypted message C will be M^e mod n. e is a fairly standard number
(typically, either 3 or 2^16+1 = 65537). "n" is the "public key", and is
devised by generating two prime numbers, called "p" and "q", where
n=p*q. "p" and "q" are the private key.

What some people do not know is that you don't actually need p and q in
order to perform a decryption. p and q are not, theoretically, used
directly. Instead, a number, d, is derived from p and q. The decryption
process can be described as M = C^d mod n. This means you need d and n
in order to decrypt, but you don't need p and q.

Typically, p and q are being stored, for no other reason than to save on
processing. In practice, openssl will typically calculate M1 = C^d mod p
and M2 = C^d mod q, and then combine M1 and M2 into M using the Chinese
remainder theorem. For that reason, an OpenSSL private key will,
typically, have p and q, and these are the numbers that I check exist or
not to find out whether I have the private key.

Like I said before, the private key can be used even without p and q. If
that is the case, rsyncrypto may incorrectly deduce that the private key
is not present, and fail the decryption despite all data being
available. This is what I want you all to test for me - that you can
perform cold (i.e. - without the symmetric keys) decryption with your
private key.


Rsyncrypto-devel mailing list
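
The failure mode described in the technical section above, as an added example that is not part of the original message and is not rsyncrypto or OpenSSL code: a key that carries only n and d still decrypts, yet a presence check that looks for p and q rejects it. The toy key (p=61, q=53, e=17), the `RsaKey` type and all function names are constructed for illustration.

```python
# Added illustration: textbook RSA on a toy key, no padding. Not rsyncrypto code.
from dataclasses import dataclass
from typing import Optional


@dataclass
class RsaKey:
    n: int
    e: int
    d: Optional[int] = None  # private exponent
    p: Optional[int] = None  # prime factors, kept only to speed up decryption
    q: Optional[int] = None


def has_private_key_by_factors(key: RsaKey) -> bool:
    """The check the message describes: treat p and q as 'the private key'."""
    return key.p is not None and key.q is not None


def has_private_key_by_exponent(key: RsaKey) -> bool:
    """Hypothetical alternative check: d and n are all decryption needs."""
    return key.d is not None


def decrypt(key: RsaKey, c: int) -> int:
    if key.d is None:
        raise ValueError("no private exponent, cannot decrypt")
    if key.p is None or key.q is None:
        return pow(c, key.d, key.n)  # M = C^d mod n, no factors needed
    # CRT path; reducing d mod (p-1) yields the same value as C^d mod p.
    m1 = pow(c, key.d % (key.p - 1), key.p)
    m2 = pow(c, key.d % (key.q - 1), key.q)
    h = (pow(key.q, -1, key.p) * (m1 - m2)) % key.p  # needs Python 3.8+
    return m2 + h * key.q


# Constructed toy key (far too small for real use).
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
FULL_KEY = RsaKey(N, E, D, P, Q)
STRIPPED_KEY = RsaKey(N, E, D)  # same key with p and q removed
PUBLIC_ONLY = RsaKey(N, E)

if __name__ == "__main__":
    c = pow(65, E, N)
    for name, key in [("full", FULL_KEY), ("stripped", STRIPPED_KEY)]:
        print(name, has_private_key_by_factors(key), decrypt(key, c))
```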