The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:pgpauth

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
pgpfan:pgpauth [2025/10/10 21:53] – [The PGP OCFB Encryption Mode] Better explanation order. b.walzerpgpfan:pgpauth [2025/10/10 22:01] (current) – [The PGP OCFB-MDC Encryption Mode] What sort of implementations? b.walzer
Line 83: Line 83:
 =====The PGP OCFB-MDC Encryption Mode===== =====The PGP OCFB-MDC Encryption Mode=====
  
-So there is a PGP encryption mode //with// an integrity check((The PGP OCFB-MDC mode is contained in the OpenPGP Symmetrical Encryption Integrity Protected Data packet (SEIPD).)). For those of us who know how PGP authentication works the existence of //this// mode is confusing.+So... This is awkward... 
 + 
 +OCFB-MDC is a PGP encryption mode //with// an integrity check((The PGP OCFB-MDC mode is contained in the OpenPGP Symmetrical Encryption Integrity Protected Data packet (SEIPD).)). For those of us who know how PGP authentication works the existence of //this// mode is confusing.
  
 People were happily and securely using the OCFB encryption mode with PGP authentication for many years. The OCFB-MDC mode came along later. People were happily and securely using the OCFB encryption mode with PGP authentication for many years. The OCFB-MDC mode came along later.
  
-A valid OCFB-MDC integrity check insures:+A valid OCFB-MDC integrity check ensures:
  
   - The file/message has not been modified.   - The file/message has not been modified.
Line 95: Line 97:
 So why does the OCFB-MDC encryption mode exist at all? It's specifically for the case of anonymous (unsigned, unauthenticated) files/messages. We won't know where the file/message came from, but at least we know it wasn't tampered with. It's better than nothing. So why does the OCFB-MDC encryption mode exist at all? It's specifically for the case of anonymous (unsigned, unauthenticated) files/messages. We won't know where the file/message came from, but at least we know it wasn't tampered with. It's better than nothing.
  
-In practice almost all implementations will emit OCFB-MDC encrypted messages even if the file/message is signed. That makes it so that schemes that depend on the integrity check will always have it available without consideration of the authentication status of the message. The resulting inefficiency is apparently considered an acceptable cost. Those implementations that do not require the integrity check can simply just ignore it.+In practice almost all PGP implementations will emit OCFB-MDC encrypted messages even if the file/message is signed. That makes it so that schemes that depend on the integrity check will always have it available without consideration of the authentication status of the message. The resulting inefficiency is apparently considered an acceptable cost. Those implementations that do not require the integrity check can simply just ignore it.
  
 When working with PGP, it is important to clearly understand the difference between authentication and the integrity check. The integrity check is limited and often full authentication is required or more desirable. When working with PGP, it is important to clearly understand the difference between authentication and the integrity check. The integrity check is limited and often full authentication is required or more desirable.
  
pgpfan/pgpauth.1760133199.txt.gz · Last modified: by b.walzer