On Tue, 7 Nov 2006 15:50, [EMAIL PROTECTED] said:

> This doesn't:
> [PKESK][SED][PKESK][SED] (fails reading the second PKESK)

Right. This is because the semantics of two concatenated OpenPGP messages are not well defined.

> This will read the two PKESK packets and the first SED but not the final one:
> [PKESK][PKESK][SED][SED]

Indeed. GnuPG views this as [PKESK][PKESK][SED] and ignores the extra data at the end.

> i)Should this be possible?
> ii)Are there any tools (other than gpg -vvv) to help debug what gpg
> is finding in my packet stream?

Not really.

> iii)I'm pretty confident the size of the SED packet is specified
> correctly but do I need to make sure that the SED packet size is a
> multiple of the algorithm's block size?

PKESK = Public-Key Encrypted Session Key Packets (Tag 1)
SKESK = Symmetric-Key Encrypted Session Key Packets (Tag 3)
SED = Symmetrically Encrypted Data Packet (Tag 9 or 18)

Using just an SED is only allowed for PGP2 compatibility. It is better to use a random session key for the SED and encrypt that session key using a SKESK. Then you may use an arbitrary number and order of PKESK and SKESK:

[PKESK][SKESK][PKESK][PKESK][SKESK][SKESK][SED]

The actual content is encrypted in the SED and the other packets merely encrypt the random session used with the SED.

Shalom-Salam,

Werner
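
The packet layouts discussed in this message, as an added example that is not part of the original mail and not GnuPG's code: a small walker over OpenPGP packet headers (old and new format, as specified in RFC 4880 section 4.2) that names each packet and checks for session-key packets followed by exactly one SED. The function names, the `pkt` helper and the sample streams with dummy bodies are constructed for illustration.

```python
NAMES = {1: "PKESK", 3: "SKESK", 9: "SED", 18: "SED"}  # tags as listed in the message

def _new_len(buf, i):
    """Decode a new-format length at buf[i]: (length, next index, partial?)."""
    o = buf[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True  # partial body chunk, another length follows

def packets(buf):
    """Yield (tag, body length) for each packet in an OpenPGP byte stream."""
    i = 0
    while i < len(buf):
        hdr = buf[i]
        if not hdr & 0x80:
            raise ValueError(f"offset {i}: not a packet header")
        if hdr & 0x40:  # new-format header
            tag, total, partial, i = hdr & 0x3F, 0, True, i + 1
            while partial:
                n, i, partial = _new_len(buf, i)
                total, i = total + n, i + n
        elif hdr & 3 == 3:  # old format, indeterminate length: runs to end of input
            tag, total, i = (hdr >> 2) & 0x0F, len(buf) - i - 1, len(buf)
        else:  # old format with a 1-, 2- or 4-octet length
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            total = int.from_bytes(buf[i + 1:i + 1 + size], "big")
            i += 1 + size + total
        if i > len(buf):
            raise ValueError(f"tag {tag}: length runs past end of input")
        yield tag, total

def check_layout(buf):
    """Return (names, ok); ok means session-key packets followed by exactly one SED."""
    names = [NAMES.get(t, f"tag{t}") for t, _ in packets(buf)]
    ok = bool(names) and names[-1] == "SED" and set(names[:-1]) <= {"PKESK", "SKESK"}
    return names, ok

def pkt(tag, body):
    """Constructed sample: new-format packet with a one-octet length (body < 192 bytes)."""
    return bytes([0xC0 | tag, len(body)]) + body

# Constructed streams with dummy bodies, mirroring the layouts discussed in the thread.
GOOD = pkt(1, b"k" * 12) + pkt(3, b"s" * 4) + pkt(1, b"k" * 12) + pkt(18, b"d" * 32)
TWO_MESSAGES = pkt(1, b"k" * 12) + pkt(9, b"d" * 16) + pkt(1, b"k" * 12) + pkt(9, b"d" * 16)
TRAILING_SED = pkt(1, b"k" * 12) + pkt(1, b"k" * 12) + pkt(9, b"d" * 16) + pkt(9, b"d" * 16)
```

`check_layout` reports `ok` as false for both the concatenated and the trailing-SED streams, so a generator of such data can catch the layout before handing it to a decryptor.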