tags 430687 + confirmed thanks Hi Marko,
On Tue, Jun 26, 2007 at 05:59:35PM +0200, Marko Randjelovic wrote: > When you decrypt a file, it is not same as original, because it has > additional bytes at the end. If you know the length of original file, > than you can reconstruct it with program dd. > > For example, make some tar archive a.tgz, encrypt it with aespipe into > a.tgz.aespipe, than decrypt it into a2.tgz. When you type "tar ztf > a2.tgz", you get an error > > gzip: stdin: unexpected end of file > tar: Child returned status 1 > tar: Error exit delayed from previous errors > > All files are listed, but still you get an error, which can sometimes > make confusion. Yes, this is correct. This is unfortunately a limitation by design of aespipe. The reason is that it always works on blocks with the standard AES blocksize of 128 bits, without storing any metainformation along with or inside the encrypted file. There is no way it can determine the original size when decrypting. So what it does is \0-pad the input (and thus the decrypted output) until it fits into multiples of 128 bits. $ echo -n ABCD | aespipe -H rmd160 -e aes256 | wc -c 16 $ echo -n ABCD | aespipe -H rmd160 -e aes256 | aespipe -w 2 -H rmd160 -e aes256 -d | hd Password: Password: 00000000 41 42 43 44 00 00 00 00 00 00 00 00 00 00 00 00 |A...............| 00000010 This works fine for plain tar and cpio archives because they are always multiples of 16 bytes (128 bits): $ echo -n ABCD > x $ tar -c x | wc -c 10240 $ tar -b1 -c x | wc -c 2048 $ echo x | cpio -o | wc -c 512 Unfortunately, as you showed, this no longer holds as soon as you compress the archive before piping it through aespipe, or use another file which is not multiples of 16 bytes. In that case, the decrypted file will not match the input file, as it is padded with \0 up to 16 bytes. This is not something we can fix in aespipe unfortunately, as it is designed to work this way. There are ways to work around this problem (eg. use formats like tar which ignore trailing zeroes, or truncate output to known length), but this probably cannot (and perhaps should not) be solved in aespipe itself. I will try to make very clear that this limitation exists in both the package description and README.Debian. Perhaps the upstream author likes to add something to the README about this as well, so users will know about it. Thanks for sending your bug report. cheers, Max -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
