mirror of
git://git.gnupg.org/gnupg.git
synced 2024-06-15 00:29:49 +02:00
4159567f7e
* agent/protect.c (agent_protect): Add arg use_ocb. Change all caller to pass -1 for default. * agent/protect-tool.c: New option --debug-use-ocb. (oDebugUseOCB): New. (opt_debug_use_ocb): New. (main): Set option. (read_and_protect): Implement option. * agent/protect.c (OCB_MODE_SUPPORTED): New macro. (PROT_DEFAULT_TO_OCB): New macro. (do_encryption): Add args use_ocb, hashbegin, hashlen, timestamp_exp, and timestamp_exp_len. Implement OCB. (agent_protect): Change to support OCB. (do_decryption): Add new args is_ocb, aadhole_begin, and aadhole_len. Implement OCB. (merge_lists): Allow NULL for sha1hash. (agent_unprotect): Change to support OCB. (agent_private_key_type): Remove debug output. -- Instead of using the old OpenPGP way of appending a hash of the plaintext and encrypt that along with the plaintext, the new scheme uses a proper authenticated encryption mode. See keyformat.txt for a description. Libgcrypt 1.7 is required. This mode is not yet enabled because there would be no way to return to an older GnuPG version. To test the new scheme use gpg-protect-tool: ./gpg-protect-tool -av -P abc -p --debug-use-ocb <plain.key >prot.key ./gpg-protect-tool -av -P abc -u <prot.key Any key from the private key storage should work. Signed-off-by: Werner Koch <wk@gnupg.org> |
||
|---|---|---|
| .. | ||
| agent.h | ||
| cache.c | ||
| call-pinentry.c | ||
| call-scd.c | ||
| ChangeLog-2011 | ||
| command-ssh.c | ||
| command.c | ||
| cvt-openpgp.c | ||
| cvt-openpgp.h | ||
| divert-scd.c | ||
| findkey.c | ||
| genkey.c | ||
| gpg-agent-w32info.rc | ||
| gpg-agent.c | ||
| keyformat.txt | ||
| learncard.c | ||
| Makefile.am | ||
| pkdecrypt.c | ||
| pksign.c | ||
| preset-passphrase.c | ||
| protect-tool.c | ||
| protect.c | ||
| t-protect.c | ||
| trans.c | ||
| trustlist.c | ||
| w32main.c | ||
| w32main.h | ||