Mailing List Archive

On Thu, 17 Jul 2003 13:37:25 +0200, Ralf Schneider said:

> x = gcry_mpi_new (0);
> gcry_mpi_set_opaque (x, text, strlen(text));

You can't use opaque becuase that won't yield a valid MPI which can be
passed to other MPI functions. Opaque is a hack to allow for
encrypted MPI values.

To convert a string into an MPI, use this:

gcry_mpi_t a;
int rc;
const char string[] = "Is that all you've got to show for seven "
"and a half million years' work?";

rc = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, string, strlen (string));
if (rc)
bug ("oops: mpi_scan failed: %s\n", gpg_strerror (rc));

foo (a)
gcry_mpi_release (a);

However, using this is not secure as proper padding is required for
most public key algorithms; see the HAC for details.


Salam-Shalom,

Werner

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Freitag, 18. Juli 2003 13:20 schrieb Werner Koch:
> To convert a string into an MPI, use this:
>
> gcry_mpi_t a;
> int rc;
> const char string[] = "Is that all you've got to show for seven "
> "and a half million years' work?";
>
> rc = gcry_mpi_scan (&a, GCRYMPI_FMT_USG, string, strlen (string));
> if (rc)
> bug ("oops: mpi_scan failed: %s\n", gpg_strerror (rc));
>
> foo (a)
> gcry_mpi_release (a);
>

Hi Werner,

thank you very much for your code snippet. After a small correction
(gcry_mpi_scan expects a pointer to size_t instead of a size_t value) it
worked fine.

Now, I have another conversion problem :-) I want to store the keys I generate
with gcry_ac_key_pair_generate in a database. My idea was to encode them
base64 and store them in a VARCHAR field.

So, the problem is: How can I convert the key of type gcry_ac_key_t to a
representation that I can encode to a base64 string (for example a byte
array)?

> However, using this is not secure as proper padding is required for
> most public key algorithms; see the HAC for details.

What is the HAC? Where can I find it?

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/GQNk7YyyfykA0YkRAkdnAJwOleuEfInVTpcZVXu4NO3UOJMhugCfahce
QxxzEYTEdnn83hBs+futHis=
=211g
-----END PGP SIGNATURE-----

On Sat, 19 Jul 2003 10:37:51 +0200, Ralf Schneider said:

> thank you very much for your code snippet. After a small correction
> (gcry_mpi_scan expects a pointer to size_t instead of a size_t value) it
> worked fine.

Oops.

> So, the problem is: How can I convert the key of type gcry_ac_key_t to a
> representation that I can encode to a base64 string (for example a byte
> array)?

Look for gcry_mpi_print or gcry_mpi_aprint. Use GCRY_FMT_PGP if you
want a 2 bytes header with the number of bits following or
GCRY_FMT_SSH with a 4 byte header with the number of bytes follwoing
or simply GCRY_FMT_STD with no header. There is also GCRY_FMT_HEX
which prints each byte as 2 hex digits.

> What is the HAC? Where can I find it?

Handbook of Applied Cryptography. Since some time entirely available
online: http://cacr.math.uwaterloo.ca/hac/


Shalom-Salam,

Werner

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Montag, 21. Juli 2003 10:04 schrieb Werner Koch:
> > So, the problem is: How can I convert the key of type gcry_ac_key_t to a
> > representation that I can encode to a base64 string (for example a byte
> > array)?
>
> Look for gcry_mpi_print or gcry_mpi_aprint. Use GCRY_FMT_PGP if you
> want a 2 bytes header with the number of bits following or
> GCRY_FMT_SSH with a 4 byte header with the number of bytes follwoing
> or simply GCRY_FMT_STD with no header. There is also GCRY_FMT_HEX
> which prints each byte as 2 hex digits.

Ok, but gcry_mpi_print takes a parameter of type gcry_mpi_t and the key is of
type gcry_ac_key_t. I tried to simply convert the key to gcry_mpi_t but this
results in a segementation fault :-( So, how can I convert a gcry_ac_key to a
gcry_mpi?

BTW: Where is struct gcry_ac_key defined? I didn't find the definition of this
structure in the sources.

> > What is the HAC? Where can I find it?
>
> Handbook of Applied Cryptography. Since some time entirely available
> online: http://cacr.math.uwaterloo.ca/hac/

I have a german edition of Bruce Schneier's "Applied Cryptographie" which is a
little bit easier to understand for me :-) I read the chapter about public
key algorithms and the problem of a small encryption exponent.

If I understood this right, the problem only arises when I have several
identical messages, right? So, if the plain text is always different, there's
no problem.

But how can this padding be done? By appending a fix number of random bytes
(for example always 20 bytes) to the plain text that can be easily removed
when decryting the cipher text?

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/G7On7YyyfykA0YkRAtORAKCHyEantuIzXZFCOsWtj7aTA3I1hACfQ59z
Kduj+u6eTg5378FnlTuIo0Y=
=NsYT
-----END PGP SIGNATURE-----

On Mon, 21 Jul 2003 11:34:31 +0200, Ralf Schneider said:

> Ok, but gcry_mpi_print takes a parameter of type gcry_mpi_t and the key is of
> type gcry_ac_key_t. I tried to simply convert the key to gcry_mpi_t but this
> results in a segementation fault :-( So, how can I convert a gcry_ac_key to a
The AC interface is pretty new; Moritz can give you some hints.

> I have a german edition of Bruce Schneier's "Applied Cryptographie" which is a
> little bit easier to understand for me :-) I read the chapter about public
> key algorithms and the problem of a small encryption exponent.

AC has a couple of errors and is not sufficient to implement crypto.
HAC is the definitely better. I have not yet looked at
Schneier/Ferguson's "Practical Cryptography" but it aims to be an easy
to understand HOWTO implement crypto protocols. It is probably worth
a read.

> But how can this padding be done? By appending a fix number of random bytes
> (for example always 20 bytes) to the plain text that can be easily removed
> when decryting the cipher text?

See PKCS#1

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Montag, 21. Juli 2003 13:03 schrieb Werner Koch:
> On Mon, 21 Jul 2003 11:34:31 +0200, Ralf Schneider said:
> > Ok, but gcry_mpi_print takes a parameter of type gcry_mpi_t and the key
> > is of type gcry_ac_key_t. I tried to simply convert the key to gcry_mpi_t
> > but this results in a segementation fault :-( So, how can I convert a
> > gcry_ac_key to a
>
> The AC interface is pretty new; Moritz can give you some hints.

OK, Moritz, would you be so kind to give me a hint how to convert a key to an
MPI value?

I tried this:

if (gcry_ac_key_pair_generate (hd, &keyPair, 1024, (void *)0))
{
...
}

privKey = gcry_ac_key_pair_extract (keyPair, GCRY_AC_KEY_SECRET);
pubKey = gcry_ac_key_pair_extract (keyPair, GCRY_AC_KEY_PUBLIC);

char key[2048];
size_t keylen = 2048;

if (gcry_mpi_print (GCRYMPI_FMT_PGP, key, &keylen, (gcry_mpi_t)privKey))
{
...
}

But the call of gcry_mpi_print generates a segmentation fault. How can the
conversion be done?

Thanks in advance,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/G9Mt7YyyfykA0YkRAtVKAJ0SyTbm2pBRB+lzZEwhvAFJn8eI6ACeLF5z
F3/7v/xPXneqWCodRlJn2gU=
=NIaG
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> Now, I have another conversion problem :-) I want to store the keys
> I generate with gcry_ac_key_pair_generate in a database. My idea was
> to encode them base64 and store them in a VARCHAR field.

As I said before, Libgcrypt provides the functions gcry_mpi_print and
gcry_mpi_scan that can be used for converting MPI values between the
internal and various external representations.

For iterating through all named MPIs contained in a data set, you have
to use gcry_ac_data_length() and gcry_ac_data_get_index(). Soon I
will commit a patch that implements the gcry_ac_key_data_get()
functions, which is needed for extracting the `data set' from a `key'.
With these functions and the included MPI functions you should be able
to convert a complete data set in a way that fits your needs.

Maybe the ac Interface will contain high-level functions for this
purpose in the future; at the moment you have to do the work yourself.

> What is the HAC? Where can I find it?

Handbook of Applied Cryptography, I do not have an URL at hand but it
should be easily to find via Google.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Montag, 21. Juli 2003 13:52 schrieb Moritz Schulte:
> For iterating through all named MPIs contained in a data set, you have
> to use gcry_ac_data_length() and gcry_ac_data_get_index(). Soon I
> will commit a patch that implements the gcry_ac_key_data_get()
> functions, which is needed for extracting the `data set' from a `key'.
> With these functions and the included MPI functions you should be able
> to convert a complete data set in a way that fits your needs.

Hi Moritz,

I got the iteration over the MPI values of a key working. It shows 6 MPI
values named n, e, d, p, q and u. But what is the meaning of these values? Do
they together hold the key? Or is the key stored in one of these values?

> Maybe the ac Interface will contain high-level functions for this
> purpose in the future; at the moment you have to do the work yourself.

That would be very helpful.

Thanks,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/G+Cj7YyyfykA0YkRAgWmAJ9f6excrZMqIdlfL04E+lcEq+OspwCfUl+n
A0JJAzqS65LO2f23MyrCEH8=
=g08s
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> I got the iteration over the MPI values of a key working.

How did you extract the data set from a key (without the function I am
about to commit today)? Or did you initialize your own key from a
given data set?

> It shows 6 MPI values named n, e, d, p, q and u. But what is the
> meaning of these values? Do they together hold the key?

Yes, these values form the `key'. The values you mentioned form the
complete, secret key. The public key is actually the same, with some
values left out. The names and the amount of these MPI values are
algorithm dependent.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Montag, 21. Juli 2003 15:09 schrieb Moritz Schulte:
> Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:
> > I got the iteration over the MPI values of a key working.
>
> How did you extract the data set from a key (without the function I am
> about to commit today)? Or did you initialize your own key from a
> given data set?

Oh, it's quite a hack :-) I looked into cipher/ac.c and found the definition
of gcry_ac_key and copied it to my source file (I know this is terrible, but
only for testing :-). Then I wrote this loop:

for (int i = 0; i < gcry_ac_data_length(privKey->data); i++)
{
gcry_ac_data_get_index (privKey->data, i, (const char **)&pname, &mpi);
printf ("MPI value %d: %s", i, pname);
}

> > It shows 6 MPI values named n, e, d, p, q and u. But what is the
> > meaning of these values? Do they together hold the key?
>
> Yes, these values form the `key'. The values you mentioned form the
> complete, secret key. The public key is actually the same, with some
> values left out. The names and the amount of these MPI values are
> algorithm dependent.

What do I have to do to get the key as a byte array? Convert the single MPI
values (gcry_mpi_print) and simply concatenate the resulting strings? You
remember, I want to encode the key base64 and store it in a database.

Thanks for your help,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/G/Ng7YyyfykA0YkRAtE2AJ9ihVridS1EBV3MRzcZU4uS+QoMfQCeKbJm
WKBnCGmg0bSe8P24CbIS0bA=
=dLpf
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> OK, Moritz, would you be so kind to give me a hint how to convert a
> key to an MPI value?

In the other mail you had included code of yours that uses the
function you need for this task: gcry_ac_data_get_index.

You extract the data set from a key and iterate through the named MPI
values included in that data set; gcry_ac_data_get_index() returns the
the name and/or the MPI value with a given index.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Montag, 21. Juli 2003 18:07 schrieb Moritz Schulte:
> You extract the data set from a key and iterate through the named MPI
> values included in that data set; gcry_ac_data_get_index() returns the
> the name and/or the MPI value with a given index.

Ok, and then I have 6 MPI values. What do I have to with them to get the key?

Again the question from the other mail:
What do I have to do to get the key as a byte array? Convert the single MPI
values (gcry_mpi_print) and simply concatenate the resulting strings? You
remember, I want to encode the key base64 and store it in a database.

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/HBHO7YyyfykA0YkRAigJAJ0bVwt6HfJOY979SGQJXojmMLVTNQCbBnn6
d3kD1zIPpKUaJViZSaTHwOA=
=PWiB
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> Ok, and then I have 6 MPI values. What do I have to with them to get
> the key?

Uhm, I think you misunderstood something; *those* MPI values together
form the key, it is everything what you need and the only interesting
piece of information that is stored in a gcry_ac_key_t structure.

> What do I have to do to get the key as a byte array?

Not sure. You need a special format for this purpose.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> BTW: Where is struct gcry_ac_key defined?

It's in cipher/ac.c.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Montag, 21. Juli 2003 18:20 schrieb Moritz Schulte:
> Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:
> > Ok, and then I have 6 MPI values. What do I have to with them to get
> > the key?
>
> Uhm, I think you misunderstood something; *those* MPI values together

Yes, I think so :-(

> form the key, it is everything what you need and the only interesting
> piece of information that is stored in a gcry_ac_key_t structure.

But what is the content of the files that are created when I generate a key
pair with GPG?

> > What do I have to do to get the key as a byte array?
>
> Not sure. You need a special format for this purpose.

What I want to do is simply store the key (in my case in a database, but it
must be the same when storing it in file) and at a later time I want to
reload the data from the database and rebuild the key from it so that it can
be used for decrypting a piece of encrypted data.

I'm sure there must be a way to manage this :-)

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD4DBQE/HBT97YyyfykA0YkRAtvVAJ9akAfgHgGKRuB0inPjghWjiwQiqwCUCPc2
6NYfml3xbl2sn/9s/AD9Qw==
=h4Xb
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> But what is the content of the files that are created when I
> generate a key pair with GPG?

Those are the same information, i.e.: MPI values, written in a special
format.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

On Mon, 21 Jul 2003 16:06:23 +0200, Ralf Schneider said:

> What do I have to do to get the key as a byte array? Convert the single MPI
> values (gcry_mpi_print) and simply concatenate the resulting strings? You
> remember, I want to encode the key base64 and store it in a database.

You have to make up a format to store the key. This is entirely up to
you. OpenPGP uses its own format as does SSH, X.509, SPKI. A key is
usually more than just the required values for the maths. For
example, with OpenPGP you need at the very least a timestamp - See
rfc2440.

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 22. Juli 2003 00:12 schrieb Moritz Schulte:
> Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:
> > But what is the content of the files that are created when I
> > generate a key pair with GPG?
>
> Those are the same information, i.e.: MPI values, written in a special
> format.

Ok, I think I understood this now :-) Lets assume I have my own format for
storing the MPI values. How can I then restore the key when I recover the MPI
values? Is it simply the other way round:

1. Create a new data set (gcry_ac_data_new)
2. Set the MPI values (gcry_ac_data_set)
3. Create the key from the data set (gcry_ac_key_init)

Or do I have to do anything else?

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/HQFA7YyyfykA0YkRAoNOAJkBn+HBDw1Dp5V7Y3ryIkbQZuemtwCfc0Xg
Dp49QRBmz899/t6bChMuQOU=
=HkhW
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> How can I then restore the key when I recover the MPI values? Is it
> simply the other way round:
>
> 1. Create a new data set (gcry_ac_data_new)
> 2. Set the MPI values (gcry_ac_data_set)
> 3. Create the key from the data set (gcry_ac_key_init)

This is correct.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 22. Juli 2003 12:01 schrieb Moritz Schulte:
> Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:
> > How can I then restore the key when I recover the MPI values? Is it
> > simply the other way round:
> >
> > 1. Create a new data set (gcry_ac_data_new)
> > 2. Set the MPI values (gcry_ac_data_set)
> > 3. Create the key from the data set (gcry_ac_key_init)
>
> This is correct.

Unfortunately, it does not work. I implemented the above sequence, but the
recovered key is not valid. I execute the following statements in a loop over
all base64 encode MPI values:

rc = gcry_mpi_scan (&x3, GCRYMPI_FMT_STD, restkey.data(), &restkeylen);
if (rc)
{
...
}

if (gcry_ac_data_set (keyData, mpiName, x3))
{
...
}

restkey is an object of class QByteArray (I use Qt). I compared these byte
arrays (after decoding the base64 string) with the ones when extracting the
MPI values out of the original key (before encoding to base64) and they are
equal. So I assume that the encoding and decoding worked correctly.

After that I restore the key:

gcry_ac_key_t restPrivKey;
if (gcry_ac_key_init (&restPrivKey, hd, GCRY_AC_KEY_SECRET, keyData))
{
...
}

I looked into the structures with the debugger and found out the there's a
difference in the first MPI value (named n). In the original key the value of
mpi->alloced is 33 and in the recovered key it is 32. All the other value are
the same.

Any idea what's going wrong?

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/HUMs7YyyfykA0YkRAolqAJ9NGKEgd72Ukk5Yz55qx+ZfrJVGDgCfcD6c
Y7QkyVZIZBNOcAlJvyDr0WY=
=Dsal
-----END PGP SIGNATURE-----

On Tue, 22 Jul 2003 15:59:08 +0200, Ralf Schneider said:

> difference in the first MPI value (named n). In the original key the value of
mpi-> alloced is 33 and in the recovered key it is 32. All the other value are
> the same.

> Any idea what's going wrong?

You should not look at internal data structures.

The space allocated for the MPI might be larger than required without
doing any harm. Note also that you need to use gcry_mpi_cmp to
compare the values. Especially, leading zeroes have no relevance.


Salam-Shalom,

Werner

--
Werner Koch <wk@gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> Unfortunately, it does not work. I implemented the above sequence,
> but the recovered key is not valid.

What exactly makes you think that it is not `valid'? You said
something about the MPI not being equal because of different sizes; in
case you did not know that you can dump a MPI value with an internal
function for debugging purposes: _gcry_log_mpidump().


moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am Dienstag, 22. Juli 2003 17:44 schrieb Moritz Schulte:
> Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:
> > Unfortunately, it does not work. I implemented the above sequence,
> > but the recovered key is not valid.
>
> What exactly makes you think that it is not `valid'? You said

gcry_ac_key_test returns an error.

> something about the MPI not being equal because of different sizes; in
> case you did not know that you can dump a MPI value with an internal
> function for debugging purposes: _gcry_log_mpidump().

How can I use it? It's declared in src/mpi.h, but when I include this file I
get a lot of errors and warnings during compilation.

Best regards,
Ralf.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/Hair7YyyfykA0YkRAlkDAJ9Y4qa1xpSTqg6WG/7ByV3hkDlA1ACgjqrM
fZEO1YoAtekp4pxqEzqWaFY=
=jHo0
-----END PGP SIGNATURE-----

Ralf Schneider <ralf@tapfere-schneiderleins.de> writes:

> gcry_ac_key_test returns an error.

Please be a bit more precise; what error?

>> in case you did not know that you can dump a MPI value with an
>> internal function for debugging purposes: _gcry_log_mpidump().
>
> How can I use it?

Well, as I said, it is an internal function and not a public
interface. You can simply use it from within gdb, e.g.:

gdb> p _gcry_log_mpidump ("", mpi_value)

If you want to use it in your source, you better declare it yourself.

moritz
--
((gpg-key-id . "6F984199")
(email . "moritz@duesseldorf.ccc.de")
(webpage . "http://duesseldorf.ccc.de/~moritz/"))