Re: OpenPGP CFB Mode from Tom Ritter on 2014-05-11 (public-webcrypto-comments@w3.org from May 2014)

From: Tom Ritter <tom@ritter.vg>
Date: Sun, 11 May 2014 16:57:06 -0400
To: Tankred Hase <mail@tankredhase.de>
Cc: public-webcrypto-comments@w3.org, Ryan Sleevi <sleevi@google.com>
Message-ID: <CA+cU71nOky7VqGwt8yMEZvtNkHBGpnVeiEAQ9=fez1FBDkNDfA@mail.gmail.com>

But 'Standard CFB' for integrity protected mode in OpenPGP still uses a
shift size equal to the block size.  The Web Crypto API specifies a shift
size of 8.

-tom
Thanks for your replies. I talked it over with Thomas from Mailvelope.
It seems that Tag 9 (resync mode) in the OpenPGP RFC is a legacy mode
and that integrity protected mode, which uses the standard CFB mode is
now the recommended mode for OpenPGP. OpenPGP.js also uses integrity
protected mode as a default.

So even if the special OpenPGP CFB mode were not supported natively by
the Web Crypto Apis, it would probably be ok since the js
implementation for resync mode would only be required as a fallback
for legacy support.

Kind regards,
Tankred

2014-05-09 2:24 GMT+02:00 Tom Ritter <tom@ritter.vg>:
> I'm not sure.  OpenPGP's CFB mode has a little twist in it where it
> re-synchronizes with 2 bytes after the first encryption operation,
> which throws the whole thing off from 'vanilla' CFB.  The segment size
> goes from the block size in the first call, to 16 (bits) for the next
> call, and then back to the block size.  The WebCrypto API states the
> segment size for CFB mode is fixed at 8 bits.
>
> -tom
>
>
> On 8 May 2014 20:02, Ryan Sleevi <sleevi@google.com> wrote:
>> Tankred,
>>
>> You should be able to implement OpenPGP's CFB mode atop the existing CFB
>> mode fairly easily. There shouldn't be a need to include it as a
'special'
>> mode. Have you tried?
>>
>>
>> On Tue, May 6, 2014 at 3:40 PM, Tankred Hase <tankred@whiteout.io> wrote:
>>>
>>> Hi,
>>>
>>> I'm a contributor to OpenPGP.js and the libraray uses the OpenPGP CFB
>>> Mode (http://www.ietf.org/rfc/rfc4880.txt 13.9.)
>>>
>>> Here's the corresponding js code that I would like to replace with the
>>> native implementation from the web crypto api:
>>>
>>>
https://github.com/openpgpjs/openpgpjs/blob/e1dffffe8d8e367230e920f3ec5bacda56c0a7d3/src/crypto/cfb.js#L87
>>>
>>> As far as I understand CFB mode is currently not supported in the
>>> current spec. I was wondering if this requirement is too specific or
>>> if it would make sense to add it to the spec, considering PGP is a
>>> common use case for email. Thanks!
>>>
>>> Kind regards,
>>> Tankred
>>>
>>> --
>>> Whiteout Networks GmbH c/o Werk1
>>> Grafinger Str. 6
>>> D-81671 München
>>> Geschäftsführer: Oliver Gajek
>>> RG München HRB 204479
>>>
>>>
>>
>

Received on Sunday, 11 May 2014 20:57:36 UTC