Re: OpenPGP CFB Mode from Tankred Hase on 2014-05-11 (public-webcrypto-comments@w3.org from May 2014)

From: Tankred Hase <mail@tankredhase.de>
Date: Sun, 11 May 2014 21:08:40 +0200
To: Tom Ritter <tom@ritter.vg>
Cc: Ryan Sleevi <sleevi@google.com>, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
Message-ID: <CAPyW78vUOUkz0nvHDbXVXX_WboaU=Si5ATzyYphPTE33C+w2PQ@mail.gmail.com>

Thanks for your replies. I talked it over with Thomas from Mailvelope.
It seems that Tag 9 (resync mode) in the OpenPGP RFC is a legacy mode
and that integrity protected mode, which uses the standard CFB mode is
now the recommended mode for OpenPGP. OpenPGP.js also uses integrity
protected mode as a default.

So even if the special OpenPGP CFB mode were not supported natively by
the Web Crypto Apis, it would probably be ok since the js
implementation for resync mode would only be required as a fallback
for legacy support.

Kind regards,
Tankred

2014-05-09 2:24 GMT+02:00 Tom Ritter <tom@ritter.vg>:
> I'm not sure.  OpenPGP's CFB mode has a little twist in it where it
> re-synchronizes with 2 bytes after the first encryption operation,
> which throws the whole thing off from 'vanilla' CFB.  The segment size
> goes from the block size in the first call, to 16 (bits) for the next
> call, and then back to the block size.  The WebCrypto API states the
> segment size for CFB mode is fixed at 8 bits.
>
> -tom
>
>
> On 8 May 2014 20:02, Ryan Sleevi <sleevi@google.com> wrote:
>> Tankred,
>>
>> You should be able to implement OpenPGP's CFB mode atop the existing CFB
>> mode fairly easily. There shouldn't be a need to include it as a 'special'
>> mode. Have you tried?
>>
>>
>> On Tue, May 6, 2014 at 3:40 PM, Tankred Hase <tankred@whiteout.io> wrote:
>>>
>>> Hi,
>>>
>>> I'm a contributor to OpenPGP.js and the libraray uses the OpenPGP CFB
>>> Mode (http://www.ietf.org/rfc/rfc4880.txt 13.9.)
>>>
>>> Here's the corresponding js code that I would like to replace with the
>>> native implementation from the web crypto api:
>>>
>>> https://github.com/openpgpjs/openpgpjs/blob/e1dffffe8d8e367230e920f3ec5bacda56c0a7d3/src/crypto/cfb.js#L87
>>>
>>> As far as I understand CFB mode is currently not supported in the
>>> current spec. I was wondering if this requirement is too specific or
>>> if it would make sense to add it to the spec, considering PGP is a
>>> common use case for email. Thanks!
>>>
>>> Kind regards,
>>> Tankred
>>>
>>> --
>>> Whiteout Networks GmbH c/o Werk1
>>> Grafinger Str. 6
>>> D-81671 München
>>> Geschäftsführer: Oliver Gajek
>>> RG München HRB 204479
>>>
>>>
>>
>

Received on Monday, 12 May 2014 15:09:40 UTC