The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:authenticated

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
pgpfan:authenticated [2021/12/21 17:38] – ... but it doesn't matter much. b.walzerpgpfan:authenticated [2022/09/26 17:09] – Link to new editorial b.walzer
Line 27: Line 27:
 By the way, the OpenPGP method that invokes the use of AE is symmetrical encryption. This is where the same key is used to encrypt something as well as to decrypt it. In practice this mode is only used to encrypt files that are not going to be moved anywhere. As a result interoperability is unimportant and an interoperability standard like OpenPGP is also less important. It turns out though, that the MDC works as AE in this case. The content and the MDC is encrypted with the symmetrical key and as a result authenticates the content on the basis of that key. So OpenPGP actually //has// authenticated encryption but it doesn't matter much that it does.   By the way, the OpenPGP method that invokes the use of AE is symmetrical encryption. This is where the same key is used to encrypt something as well as to decrypt it. In practice this mode is only used to encrypt files that are not going to be moved anywhere. As a result interoperability is unimportant and an interoperability standard like OpenPGP is also less important. It turns out though, that the MDC works as AE in this case. The content and the MDC is encrypted with the symmetrical key and as a result authenticates the content on the basis of that key. So OpenPGP actually //has// authenticated encryption but it doesn't matter much that it does.  
  
-There is a sort of philosophical issue here as well. OpenPGP is a definition of a message format. It can't directly specify how things are implemented. Most AE schemes are some sort of encryption with an integrity check bundled in. How bundled the check is would get lost in a mere message format. OpenPGP already defines an integrity check in the form of the [[pgpfan:mdc|modification detection code]] (MDC). So a proposed AE scheme for OpenPGP is really just a proposal for an integrity check different than the MDC and there isn't anything wrong with the MDC. Most AE schemes do not include any sort of intrinsic protection against modification like the [[pgpfan:cipherfeedback|cipher feedback]] embodied by OpenPGP. So it is possible that adding a more popular AE mode to OpenPGP would actually make things worse, due to the extra complexity and the loss of intrinsic modification protection.+There is a sort of philosophical issue here as well. OpenPGP is a definition of a message format. It can't directly specify how things are implemented. Most AE schemes are some sort of encryption with an integrity check bundled in. How bundled the check is would get lost in a mere message format. OpenPGP already defines an integrity check in the form of the [[pgpfan:mdc|modification detection code]] (MDC). So a proposed AE scheme for OpenPGP is really just a proposal for an integrity check different than the MDC and there isn't anything wrong with the MDC. Most AE schemes do not include any sort of intrinsic protection against modification like the [[pgpfan:cipherfeedback|cipher feedback]] embodied by OpenPGP. So it is possible that [[pgpfan:no_new_ae|adding a more popular AE mode to OpenPGP would actually make things worse]], due to the extra complexity and the loss of intrinsic modification protection.
  
 Summing up, OpenPGP does not require authenticated encryption for the normal case. For unauthenticated material OpenPGP provides the MDC which is specifically designed for that case. Summing up, OpenPGP does not require authenticated encryption for the normal case. For unauthenticated material OpenPGP provides the MDC which is specifically designed for that case.
pgpfan/authenticated.txt · Last modified: 2023/02/28 16:46 by b.walzer