Version 1.11 released

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hi all,

Version 1.11 of your favorite rsync friendly encryption program (it is, 
isn't it?) has just been released. Many many many new stuff, addressing 
almost all of the open issues recently raised.

Compilation should now just work for cygwin, and as far as I can tell, 
for Mac OS X (not sure about that, though). I can't tell if the run time 
problem has been resolved or not, as it does not happen on my systems.

Error messages have been greatly improved. If a file cannot be opened, 
rsyncrypto will report which file that was. Also, in case of an error, 
only the errored file will be aborted, and rsyncrypto will continue its 
operation. It will print an additional error report at the end of the 
entire encryption process.

Also, I have finally fixed the oldest bug of them all. The one that 
tripped Frederico. If an attempt is made to decrypt a file with no valid 
symmetric key, it will be reported as an error and processing will 
continue, rather than issue a segmentation fault.

Please bear in mind that I am not 100% sure that my code for detecting 
whether the private key is available is correct. Technical details 
further on, but in for those not interested in the details, please check 
this with your system, and make sure cold decryption works for you.

As usual, share and enjoy.
Shachar

Technical stuff:
RSA works by taking a modulo based power. So if the message is "m", the 
encrypted message C will be M^e mod n. e is a fairly standard number 
(typically, either 3 or 2^16+1 = 65537). "n" is the "public key", and is 
devised by generating two prime numbers, called "p" and "q", where 
n=p*q. "p" and "q" are the private key.

What some people do not know is that you don't actually need p and q in 
order to perform a decryption. p and q are not, theoretically, used 
directly. Instead, a number, d, is derived from p and q. The decryption 
process can be described as M = C^d mod n. This means you need d and n 
in order to decrypt, but you don't need p and q.

Typically, p and q are being stored, for no other reason than to save on 
processing. In practice, openssl will typically calculate M1 = C^d mod p 
and M2 = C^D mod q, and then combine M1 and M2 into M using the Chinese 
remainder theorem. For that reason, an OpenSSL private key will, 
typically, have p and q, and these are the numbers that I check exist or 
not to find out whether I have the private key.

Like I said before, the private key can be used even without p and q. If 
that is the case, rsyncrypto may incorrectly deduce that the private key 
is not present, and fail the decryption despite all data being 
available. This is what I want you all to test for me - that you can 
perform cold (i.e. - without the symmetric keys) decryption with your 
private key.

Thanks