rpm 4.19.0
The RPM Package Manager
Loading...
Searching...
No Matches
Public Attributes | List of all members
pgpPktKey_u Union Reference

#include <rpmpgp.h>

Collaboration diagram for pgpPktKey_u:
Collaboration graph
[legend]

Public Attributes

struct pgpPktKeyV3_s v3
 
struct pgpPktKeyV4_s v4
 

Detailed Description

5.5.3. Secret Key Packet Formats

The Secret Key and Secret Subkey packets contain all the data of the Public Key and Public Subkey packets, with additional algorithm- specific secret key data appended, in encrypted form.

The packet contains:

Secret MPI values can be encrypted using a passphrase. If a string- to-key specifier is given, that describes the algorithm for converting the passphrase to a key, else a simple MD5 hash of the passphrase is used. Implementations SHOULD use a string-to-key specifier; the simple hash is for backward compatibility. The cipher for encrypting the MPIs is specified in the secret key packet.

Encryption/decryption of the secret data is done in CFB mode using the key created from the passphrase and the Initial Vector from the packet. A different mode is used with V3 keys (which are only RSA) than with other key formats. With V3 keys, the MPI bit count prefix (i.e., the first two octets) is not encrypted. Only the MPI non- prefix data is encrypted. Furthermore, the CFB state is resynchronized at the beginning of each new MPI value, so that the CFB block boundary is aligned with the start of the MPI data.

With V4 keys, a simpler method is used. All secret MPI values are encrypted in CFB mode, including the MPI bitcount prefix.

The 16-bit checksum that follows the algorithm-specific portion is the algebraic sum, mod 65536, of the plaintext of all the algorithm- specific octets (including MPI prefix and data). With V3 keys, the checksum is stored in the clear. With V4 keys, the checksum is encrypted like the algorithm-specific data. This value is used to check that the passphrase was correct.


The documentation for this union was generated from the following file: