Hi Daniel,

Thanks for your reply, that does make perfect sense. In theory I do
understand how PGP works, but this is the first time I've gotten my
hands dirty so things are still clicking into place!

The actual problem I was debugging is why the binary output decrypts
okay in another crypto library, but my base64-decoded version of the
ASCII-armored output does not. I over-simplified my test case to
expect the two to be identical!

I've now tracked this down as a problem with compression/decompression
which I was able to fix.

Thanks again,
Chris

Daniel Kahn Gillmor wrote:
> On 09/30/2009 05:27 AM, Chris Sutton wrote:
>> It appears as if GPG is putting slightly different binary data into the
>> ASCII-armored version as into the direct binary output. Is this possible?
>
> OpenPGP encryption is a hybrid model:
>
>  first, a random session key is generated.
>
>  then the random session key is used with a reasonable stream cipher
>  (3DES, AES, etc) to symmetrically encrypt the data in question.
>
>  then the session key is asymmetrically encrypted (once for each
>  recipient's key).
>
> The resultant block is the concatenation of the ciphertext and the
> encrypted session keys.
>
> Note that the first step involves some randomization (as it should!) --
> this means that each encryption of the same cleartext will yield
> radically different ciphertext.
>
> I suspect this difference is what you're seeing, not any issue with
> base64-encoding.
>
> does this make sense?
>
>  --dkg
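
Added example, not part of the original thread and not GnuPG's own code: a Python sketch of turning ASCII-armored output back into the binary form, which is more than base64-decoding the block, because the armor defined in RFC 4880 section 6 wraps the data in header lines, a blank line and an optional `=XXXX` CRC-24 line. The `armor()` helper and the `Version: sample` header are constructed for illustration; because of the random session key described above, the result is only comparable with the binary output of the same encryption run.

```python
import base64
import binascii

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def dearmor(text: str) -> bytes:
    """Return the binary OpenPGP data carried in one armored block."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or not lines[0].startswith("-----BEGIN PGP ") \
            or not lines[-1].startswith("-----END PGP "):
        raise ValueError("not an ASCII-armored block")
    body = lines[1:-1]
    # Armor headers (Version:, Comment:, ...) end at the first blank line.
    if "" not in body:
        raise ValueError("missing blank line after armor headers")
    body = body[body.index("") + 1:]
    # An optional last line "=XXXX" is a base64 CRC-24, not message data.
    checksum = None
    if body and len(body[-1]) == 5 and body[-1].startswith("="):
        checksum = int.from_bytes(base64.b64decode(body.pop()[1:]), "big")
    try:
        data = base64.b64decode("".join(body), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"bad base64 in armor body: {exc}") from None
    if checksum is not None and crc24(data) != checksum:
        raise ValueError("CRC-24 mismatch: armor body is corrupted")
    return data


def armor(data: bytes) -> str:
    """Build a sample armored block (constructed input for dearmor)."""
    b64 = base64.b64encode(data).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return "\n".join(["-----BEGIN PGP MESSAGE-----", "Version: sample", "",
                      *rows, "=" + crc, "-----END PGP MESSAGE-----"])
```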