It seems to me that the loop nesting just needs to be reversed. It seems like the way GnuPG works is that it has a list of session keys, and a list of private keys. It then iterates through the list of session keys and tries to see if any private key matches. This makes it so that if the session key is anonymous, it has to ask for each private key passphrase in turn, and do this for each and every session key.
If the logic were reversed, this would be avoided. Iterate through the
private keys first, then test each private key to see if it will decrypt
a session key. The passphrase is asked for once for each private key
instead of for each session key times the number of private keys.
ie: right now, it works this way
for (int s = 0; s < NumSessionKeys; s++) {
for (int k = 0; k < NumPrivateKeys; k++) {
char *PassPhrase = GetPassphrase(PrivateKeyList[k]);
if (DecryptSessionKey(SessionKeyList[s], PassPhrase))
/* decrypt message here */
}
}
Perhaps it would be better like this:
for (int k = 0; k < NumPrivateKeys; k++) {
char *PassPhrase = GetPassphrase(PrivateKeyList[k]);
for (int s = 0; s < NumSessionKeys; s++) {
if (DecryptSessionKey(SessionKeyList[s], PassPhrase))
/* decrypt message here */
}
}
That's a terrible simplification, but it seems to me like the logic
works better this way.
Kurt.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
