Version 1.11 released
From: Shachar S. <sh...@sh...> - 2008-06-24 19:35:57
Hi all,

Version 1.11 of your favorite rsync friendly encryption program (it is, isn't it?) has just been released.

Many many many new stuff, addressing almost all of the open issues recently raised. Compilation should now just work for cygwin, and as far as I can tell, for Mac OS X (not sure about that, though). I can't tell if the run time problem has been resolved or not, as it does not happen on my systems.

Error messages have been greatly improved. If a file cannot be opened, rsyncrypto will report which file that was. Also, in case of an error, only the errored file will be aborted, and rsyncrypto will continue its operation. It will print an additional error report at the end of the entire encryption process.

Also, I have finally fixed the oldest bug of them all. The one that tripped Frederico. If an attempt is made to decrypt a file with no valid symmetric key, it will be reported as an error and processing will continue, rather than issue a segmentation fault.

Please bear in mind that I am not 100% sure that my code for detecting whether the private key is available is correct. Technical details further on, but for those not interested in the details, please check this with your system, and make sure cold decryption works for you.

As usual, share and enjoy.

Shachar

Technical stuff:

RSA works by taking a modulo based power. So if the message is "M", the encrypted message C will be M^e mod n. e is a fairly standard number (typically, either 3 or 2^16+1 = 65537). "n" is the "public key", and is devised by generating two prime numbers, called "p" and "q", where n=p*q. "p" and "q" are the private key.

What some people do not know is that you don't actually need p and q in order to perform a decryption. p and q are not, theoretically, used directly. Instead, a number, d, is derived from p and q. The decryption process can be described as M = C^d mod n. This means you need d and n in order to decrypt, but you don't need p and q.

Typically, p and q are being stored, for no other reason than to save on processing. In practice, openssl will typically calculate M1 = C^d mod p and M2 = C^d mod q, and then combine M1 and M2 into M using the Chinese remainder theorem. For that reason, an OpenSSL private key will, typically, have p and q, and these are the numbers that I check exist or not to find out whether I have the private key.

Like I said before, the private key can be used even without p and q. If that is the case, rsyncrypto may incorrectly deduce that the private key is not present, and fail the decryption despite all data being available. This is what I want you all to test for me - that you can perform cold (i.e. - without the symmetric keys) decryption with your private key.

Thanks
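The misdetection described in the message, as an added example that is not rsyncrypto or OpenSSL code: textbook RSA (no padding) on constructed toy primes, where a key stored as (n, e, d) only is rejected by a check on p and q but still decrypts. All names here (`RsaKey`, `has_private_by_factors`, and so on) are hypothetical, and Python 3.8+ is assumed for the modular inverse.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class RsaKey:
    n: int
    e: int
    d: Optional[int] = None  # private exponent: all that decryption strictly needs
    p: Optional[int] = None  # prime factors: only needed for the CRT shortcut
    q: Optional[int] = None

def make_key(p: int, q: int, e: int = 65537) -> RsaKey:
    d = pow(e, -1, (p - 1) * (q - 1))  # d is derived from p and q
    return RsaKey(n=p * q, e=e, d=d, p=p, q=q)

def strip_factors(key: RsaKey) -> RsaKey:
    """The same private key, stored without p and q."""
    return RsaKey(n=key.n, e=key.e, d=key.d)

def has_private_by_factors(key: RsaKey) -> bool:
    """The kind of check the message describes: look for p and q."""
    return key.p is not None and key.q is not None

def has_private_by_exponent(key: RsaKey) -> bool:
    """Alternative check: a private exponent is enough to decrypt."""
    return key.d is not None

def encrypt(key: RsaKey, m: int) -> int:
    return pow(m, key.e, key.n)

def decrypt(key: RsaKey, c: int) -> int:
    if key.d is None:
        raise ValueError("no private exponent: public key only")
    if key.p is None or key.q is None:
        return pow(c, key.d, key.n)  # M = C^d mod n, no factors needed
    # CRT path: two half-size exponentiations, recombined (Garner's formula).
    # Reducing d mod (p-1) and (q-1) gives the same residues as using d itself.
    m1 = pow(c, key.d % (key.p - 1), key.p)
    m2 = pow(c, key.d % (key.q - 1), key.q)
    h = (pow(key.q, -1, key.p) * (m1 - m2)) % key.p
    return m2 + h * key.q

if __name__ == "__main__":
    full = make_key(1009, 1013)  # constructed toy primes, far too small for real use
    bare = strip_factors(full)
    c = encrypt(full, 424242)
    print("CRT decrypt:", decrypt(full, c), " d-only decrypt:", decrypt(bare, c))
    print("p/q check on d-only key:", has_private_by_factors(bare))
    print("d check on d-only key:  ", has_private_by_exponent(bare))
```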