
Re: Section 5.2.3 of latest draft: bis14.




Many implementers have taken this advice to heart for any data that is
symmetrically encrypted and for which the session key is public-key
encrypted. In this case, the quick check is not needed as the public
key encryption of the session key should guarantee that it is the right

Shouldn't this be about decryption with secret key?


In the case of what I'll call a "normal" OpenPGP blob, you have data encrypted by a session key, and that session key was encrypted to a public key. In this case, you get the session key by unwrapping it from the public key, not from a passphrase, and consequently, it is unnecessary to perform the quick check.

This defeats an attack where someone damages a blob and has you decrypt the damaged blob and pries at the encryption by means of the quick check.

	Jon
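
A sketch of the policy discussed in this thread, added as an example; it is not part of the original messages and not taken from any OpenPGP implementation. The names `seal`, `open_blob`, `damage` and the `key_source` labels are hypothetical, a keyed hash stands in for the real block cipher, and the layout is simplified (zero IV, no resynchronization, no integrity packet).

```python
import hashlib
import os

BLOCK = 16  # cipher block size in bytes (assumed, AES-sized)

def _enc(key, block):
    # Stand-in for the block cipher's encrypt direction (keyed hash, NOT AES).
    # CFB only ever calls the encrypt direction, so this is enough for a sketch.
    return hashlib.sha256(key + block).digest()[:BLOCK]

def _cfb(key, data, decrypt):
    fr, out = bytes(BLOCK), b""          # zero IV
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK]
        res = bytes(a ^ b for a, b in zip(chunk, _enc(key, fr)))
        out += res
        fr = chunk if decrypt else res   # feedback register = ciphertext block
    return out

def seal(key, data):
    prefix = os.urandom(BLOCK)
    # Random prefix, then its last two bytes repeated: the quick-check bytes.
    return _cfb(key, prefix + prefix[-2:] + data, decrypt=False)

def open_blob(key, blob, key_source):
    if key_source not in ("public-key", "passphrase"):
        raise ValueError("unknown key source")
    pt = _cfb(key, blob, decrypt=True)
    if len(pt) < BLOCK + 2:
        raise ValueError("truncated data")
    # Only a passphrase-derived key gets the quick check (wrong-passphrase hint).
    # A session key unwrapped from a public-key packet skips it, so a damaged
    # blob gets no answer from this comparison.
    if key_source == "passphrase" and pt[BLOCK - 2:BLOCK] != pt[BLOCK:BLOCK + 2]:
        raise ValueError("quick check failed")
    return pt[BLOCK + 2:]

def damage(blob):
    # Constructed damaged blob: flip one bit in the first repeated byte.
    return blob[:BLOCK] + bytes([blob[BLOCK] ^ 1]) + blob[BLOCK + 1:]
```

With `key_source="public-key"` the damaged blob decrypts to altered data without any quick-check verdict; detecting the alteration is left to a separate integrity mechanism, which this sketch omits.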