pgpfan:authenticated
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
pgpfan:authenticated [2021/11/12 21:11] – Part of the big rewrite b.walzer | pgpfan:authenticated [2023/02/28 16:46] (current) – new point b.walzer | ||
---|---|---|---|
Line 1: | Line 1: | ||
======Authenticated Encryption====== | ======Authenticated Encryption====== | ||
- | OpenPGP | + | It is sometimes |
- | First off, OpenPGP does not need any sort of AE when used in the usual way. Since OpenPGP | + | AE is often seen in the case of stateful connected protocols such as [[wp> |
- | If you receive a signed message/ | + | {{auth_stateful_keys.svg}} |
- | * The message was created | + | The authentication is usually established |
- | * The message was not modified after it was created. | + | |
- | Here are the possibilities when we add AE on top of signatures: | + | The entities can then send messages encrypted with the shared key over the connection indefinitely: |
- | | ^ Valid AE ^ Invalid AE ^ | + | {{auth_stateful_ae.svg}} |
- | ^ Valid Signature | + | |
- | ^ Invalid Signature | + | |
- | ^ Missing Signature | + | |
- | So AE only adds value in the case of an invalid or missing signature. In other words; | + | The authenticated encryption ensures that these messages are from the other entity and were not modified in transit. By using the authenticated shared secret key, the authenticated encryption can preserve the authenticity established by the cryptographic signatures. |
- | An anonymous message/ | + | Now we switch |
- | The second point here is that OpenPGP for all practical purposes actually //has// AE in the form of the [[pgpfan: | + | {{auth_stateless.svg}} |
- | There is a sort of philosophical issue here as well. OpenPGP is a definition of a message format. It can't directly specify how things are implemented. Most AE schemes are some sort of encryption with an integrity check bundled in. How bundled the check is would get lost in a mere message format. OpenPGP already defines an integrity check in the form of the [[pgpfan: | + | Offline applications are by nature stateless with no reverse channel available. A message is created and sent off over a network. A file is created and stored to some sort of media. So there is no concept or possibility of an ongoing connection. It is simplest to just cryptographically sign the content directly so this is how OpenPGP does it. As a result, OpenPGP does not need any sort of AE when used in the usual way. |
+ | |||
+ | Suppose we decided we wanted to do things in the more complicated connection oriented way anyway. Since we would be authenticating the connection, not the message/ | ||
+ | |||
+ | OpenPGP supporting systems are sometimes called on to support the case of unsigned (anonymous) messages/ | ||
+ | |||
+ | Even if authentication is not possible in the anonymous message/ | ||
+ | |||
+ | By the way, the OpenPGP method that invokes the use of AE is symmetrical encryption. This is where the same key is used to encrypt something as well as to decrypt it. In practice this mode is only used to encrypt files that are not going to be moved anywhere. As a result interoperability is unimportant and an interoperability standard like OpenPGP is also less important. It turns out though, that the MDC works as AE in this case. The content and the MDC is encrypted with the symmetrical key and as a result authenticates the content on the basis of that key. So OpenPGP actually //has// authenticated encryption but it doesn' | ||
+ | |||
+ | There is a sort of philosophical issue here as well. OpenPGP is a definition of a message format. It can't directly specify how things are implemented. Most AE schemes are some sort of encryption with an integrity check bundled in. How bundled the check is would get lost in a mere message format. OpenPGP already defines an integrity check in the form of the [[pgpfan: | ||
+ | |||
+ | Summing up, OpenPGP does not require authenticated encryption for the normal case. For unauthenticated material OpenPGP provides the MDC which is specifically designed for that case. | ||
[[pgpfan: | [[pgpfan: | ||
- | [[em: | + | [[em: |
+ | [[: | ||
pgpfan/authenticated.1636751505.txt.gz · Last modified: 2021/11/12 21:11 by b.walzer