| rfc9580v2.txt | rfc9580.txt | |||
|---|---|---|---|---|
| skipping to change at line 2618 ¶ | skipping to change at line 2618 ¶ | |||
| | 3 | Key is retired and no longer | | | 3 | Key is retired and no longer | | |||
| | | used (key revocations) | | | | used (key revocations) | | |||
| +---------+----------------------------------+ | +---------+----------------------------------+ | |||
| | 32 | User ID information is no longer | | | 32 | User ID information is no longer | | |||
| | | valid (cert revocations) | | | | valid (cert revocations) | | |||
| +---------+----------------------------------+ | +---------+----------------------------------+ | |||
| | 100-110 | Private Use | | | 100-110 | Private Use | | |||
| +---------+----------------------------------+ | +---------+----------------------------------+ | |||
| Table 10: OpenPGP Reason for Revocation | Table 10: OpenPGP Reason for Revocation | |||
| Code Registry | (Revocation Octet) Registry | |||
| Following the revocation code is a string of octets that gives | Following the revocation code is a string of octets that gives | |||
| information about the Reason for Revocation in human-readable form | information about the Reason for Revocation in human-readable form | |||
| (UTF-8). The string may be null (of zero length). The length of the | (UTF-8). The string may be null (of zero length). The length of the | |||
| subpacket is the length of the reason string plus one. An | subpacket is the length of the reason string plus one. An | |||
| implementation SHOULD implement this subpacket, include it in all | implementation SHOULD implement this subpacket, include it in all | |||
| revocation signatures, and interpret revocations appropriately. | revocation signatures, and interpret revocations appropriately. | |||
| There are important semantic differences between the reasons, and | There are important semantic differences between the reasons, and | |||
| there are thus important reasons for revoking signatures. | there are thus important reasons for revoking signatures. | |||
| skipping to change at line 4141 ¶ | skipping to change at line 4141 ¶ | |||
| * A final summary authentication tag for the AEAD mode. | * A final summary authentication tag for the AEAD mode. | |||
| The decrypted session key and the salt are used to derive an M-bit | The decrypted session key and the salt are used to derive an M-bit | |||
| message key and N-64 bits used as the IV, where M is the key size of | message key and N-64 bits used as the IV, where M is the key size of | |||
| the symmetric algorithm and N is the nonce size of the AEAD | the symmetric algorithm and N is the nonce size of the AEAD | |||
| algorithm. M + N - 64 bits are derived using HKDF (see [RFC5869]). | algorithm. M + N - 64 bits are derived using HKDF (see [RFC5869]). | |||
| The leftmost M bits are used as a symmetric algorithm key, and the | The leftmost M bits are used as a symmetric algorithm key, and the | |||
| remaining N - 64 bits are used as an IV. HKDF is used with SHA256 | remaining N - 64 bits are used as an IV. HKDF is used with SHA256 | |||
| [RFC6234] as hash algorithm. The session key is used as IKM and the | [RFC6234] as hash algorithm. The session key is used as IKM and the | |||
| salt as salt, and the Packet Type ID in OpenPGP format encoding (bits | salt as salt. The Packet Type ID in OpenPGP format encoding (bits 7 | |||
| 7 and 6 are set, and bits 5-0 carry the packet type ID), version | and 6 are set, and bits 5-0 carry the packet type ID), version | |||
| number, cipher algorithm ID, AEAD algorithm ID, and chunk size octet | number, cipher algorithm ID, AEAD algorithm ID, and chunk size octet | |||
| are used as info parameter. | are used as info parameter. | |||
| The KDF mechanism provides key separation between cipher and AEAD | The KDF mechanism provides key separation between cipher and AEAD | |||
| algorithms. Furthermore, an implementation can securely reply to a | algorithms. Furthermore, an implementation can securely reply to a | |||
| message even if a recipient's certificate is unknown by reusing the | message even if a recipient's certificate is unknown by reusing the | |||
| encrypted session key packets and replying with a different salt that | encrypted session key packets and replying with a different salt that | |||
| yields a new, unique message key. See Section 13.8 for guidance on | yields a new, unique message key. See Section 13.8 for guidance on | |||
| how applications can securely implement this feature. | how applications can securely implement this feature. | |||
| skipping to change at line 4795 ¶ | skipping to change at line 4795 ¶ | |||
| document. | document. | |||
| 9.2. ECC Curves for OpenPGP | 9.2. ECC Curves for OpenPGP | |||
| The parameter curve OID is an array of octets that defines a named | The parameter curve OID is an array of octets that defines a named | |||
| curve. | curve. | |||
| The table below specifies the exact sequence of octets for each named | The table below specifies the exact sequence of octets for each named | |||
| curve referenced in this document. It also specifies which public | curve referenced in this document. It also specifies which public | |||
| key algorithms the curve can be used with, as well as the size of | key algorithms the curve can be used with, as well as the size of | |||
| expected elements in octets: | expected elements in octets. Note that there is a break in | |||
| "EdDSALegacy" for display purposes only. | ||||
| +========================+===+======+==================+===========+ | +======================+===+========+================+======+=======+ | |||
| | ASN.1 Object |OID|Curve | Curve Name |Usage | | |ASN.1 Object |OID| Curve |Curve Name |Usage |Field | | |||
| | Identifier |Len|OID | |(fsize) | | |Identifier |Len| OID | | |Size | | |||
| | | |Octets| | | | | | | Octets | | |(fsize)| | |||
| +========================+===+======+==================+===========+ | +======================+===+========+================+======+=======+ | |||
| | 1.2.840.10045.3.1.7 |8 |2A 86 | NIST P-256 |ECDSA, ECDH| | |1.2.840.10045.3.1.7 |8 | 2A 86 |NIST P-256 |ECDSA,|32 | | |||
| | | |48 CE | |(32) | | | | | 48 CE | |ECDH | | | |||
| | | |3D 03 | | | | | | | 3D 03 | | | | | |||
| | | |01 07 | | | | | | | 01 07 | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| | 1.3.132.0.34 |5 |2B 81 | NIST P-384 |ECDSA, ECDH| | |1.3.132.0.34 |5 | 2B 81 |NIST P-384 |ECDSA,|48 | | |||
| | | |04 00 | |(48) | | | | | 04 00 | |ECDH | | | |||
| | | |22 | | | | | | | 22 | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| | 1.3.132.0.35 |5 |2B 81 | NIST P-521 |ECDSA, ECDH| | |1.3.132.0.35 |5 | 2B 81 |NIST P-521 |ECDSA,|66 | | |||
| | | |04 00 | |(66) | | | | | 04 00 | |ECDH | | | |||
| | | |23 | | | | | | | 23 | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| | 1.3.36.3.3.2.8.1.1.7 |9 |2B 24 | brainpoolP256r1 |ECDSA, ECDH| | |1.3.36.3.3.2.8.1.1.7 |9 | 2B 24 |brainpoolP256r1 |ECDSA,|32 | | |||
| | | |03 03 | |(32) | | | | | 03 03 | |ECDH | | | |||
| | | |02 08 | | | | | | | 02 08 | | | | | |||
| | | |01 01 | | | | | | | 01 01 | | | | | |||
| | | |07 | | | | | | | 07 | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| | 1.3.36.3.3.2.8.1.1.11 |9 |2B 24 | brainpoolP384r1 |ECDSA, ECDH| | |1.3.36.3.3.2.8.1.1.11 |9 | 2B 24 |brainpoolP384r1 |ECDSA,|48 | | |||
| | | |03 03 | |(48) | | | | | 03 03 | |ECDH | | | |||
| | | |02 08 | | | | | | | 02 08 | | | | | |||
| | | |01 01 | | | | | | | 01 01 | | | | | |||
| | | |0B | | | | | | | 0B | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| | 1.3.36.3.3.2.8.1.1.13 |9 |2B 24 | brainpoolP512r1 |ECDSA, ECDH| | |1.3.36.3.3.2.8.1.1.13 |9 | 2B 24 |brainpoolP512r1 |ECDSA,|64 | | |||
| | | |03 03 | |(64) | | | | | 03 03 | |ECDH | | | |||
| | | |02 08 | | | | | | | 02 08 | | | | | |||
| | | |01 01 | | | | | | | 01 01 | | | | | |||
| | | |0D | | | | | | | 0D | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| | 1.3.6.1.4.1.11591.15.1 |9 |2B 06 | Ed25519Legacy |EdDSALegacy| | |1.3.6.1.4.1.11591.15.1|9 | 2B 06 |Ed25519Legacy |EdDSA |32 | | |||
| | | |01 04 | |(32) | | | | | 01 04 | |Legacy| | | |||
| | | |01 DA | | | | | | | 01 DA | | | | | |||
| | | |47 0F | | | | | | | 47 0F | | | | | |||
| | | |01 | | | | | | | 01 | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| | 1.3.6.1.4.1.3029.1.5.1 |10 |2B 06 | Curve25519Legacy |ECDH (32) | | |1.3.6.1.4.1.3029.1.5.1|10 | 2B 06 |Curve25519Legacy|ECDH |32 | | |||
| | | |01 04 | | | | | | | 01 04 | | | | | |||
| | | |01 97 | | | | | | | 01 97 | | | | | |||
| | | |55 01 | | | | | | | 55 01 | | | | | |||
| | | |05 01 | | | | | | | 05 01 | | | | | |||
| +------------------------+---+------+------------------+-----------+ | +----------------------+---+--------+----------------+------+-------+ | |||
| Table 19: OpenPGP ECC Curve OIDs and Usage Registry | Table 19: OpenPGP ECC Curve OIDs and Usage Registry | |||
| The "Field Size (fsize)" column represents the field size of the | The "Field Size (fsize)" column represents the field size of the | |||
| group in number of octets, rounded up, such that x or y coordinates | group in number of octets, rounded up, such that x or y coordinates | |||
| for a point on the curve or native point representations for the | for a point on the curve or native point representations for the | |||
| curve can be represented in that many octets. The curves specified | curve can be represented in that many octets. The curves specified | |||
| here, and scalars such as the base point order and the private key, | here, and scalars such as the base point order and the private key, | |||
| can be represented in fsize octets. However, note that curves exist | can be represented in fsize octets. However, note that curves exist | |||
| outside this specification where the representation of scalars | outside this specification where the representation of scalars | |||
| requires an additional octet. | requires an additional octet. | |||
| skipping to change at line 4917 ¶ | skipping to change at line 4918 ¶ | |||
| +----------------+--------+------------+-------+---------+----------+ | +----------------+--------+------------+-------+---------+----------+ | |||
| Table 20: OpenPGP ECC Curve-Specific Wire Formats Registry | Table 20: OpenPGP ECC Curve-Specific Wire Formats Registry | |||
| For the native octet-string forms of Ed25519Legacy values, see | For the native octet-string forms of Ed25519Legacy values, see | |||
| [RFC8032]. For the native octet-string forms of Curve25519Legacy | [RFC8032]. For the native octet-string forms of Curve25519Legacy | |||
| secret scalars and points, see [RFC7748]. | secret scalars and points, see [RFC7748]. | |||
| 9.3. Symmetric-Key Algorithms | 9.3. Symmetric-Key Algorithms | |||
| +=========+===================================+================+ | +=========+==============================+==========================+ | |||
| | ID | Algorithm | Reference | | | ID | Algorithm | Reference | | |||
| +=========+===================================+================+ | +=========+==============================+==========================+ | |||
| | 0 | Plaintext or unencrypted data | [RFC9580] | | | 0 | Plaintext or unencrypted | [RFC9580] | | |||
| +---------+-----------------------------------+----------------+ | | | data | | | |||
| | 1 | IDEA | [IDEA] | | +---------+------------------------------+--------------------------+ | |||
| | | | [RFC9580] | | | 1 | IDEA | [IDEA] | | |||
| +---------+-----------------------------------+----------------+ | | | | [RFC9580] | | |||
| | 2 | TripleDES (or DES-EDE) [SP800-67] | [RFC9580] | | +---------+------------------------------+--------------------------+ | |||
| | | with 168-bit key derived from 192 | | | | 2 | TripleDES (or DES-EDE) with | [SP800-67] | | |||
| +---------+-----------------------------------+----------------+ | | | 168-bit key derived from 192 | [RFC9580] | | |||
| | 3 | CAST5 with 128-bit key [RFC2144] | [RFC9580] | | +---------+------------------------------+--------------------------+ | |||
| +---------+-----------------------------------+----------------+ | | 3 | CAST5 with 128-bit key | [RFC2144] | | |||
| | 4 | Blowfish with 128-bit key, 16 | [BLOWFISH] | | | | | [RFC9580] | | |||
| | | rounds | | | +---------+------------------------------+--------------------------+ | |||
| +---------+-----------------------------------+----------------+ | | 4 | Blowfish with 128-bit key, | [BLOWFISH] | | |||
| | 5 | Reserved | [RFC9580] | | | | 16 rounds | | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 6 | Reserved | [RFC9580] | | | 5 | Reserved | [RFC9580] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 7 | AES with 128-bit key | [AES] | | | 6 | Reserved | [RFC9580] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 8 | AES with 192-bit key | [RFC9580] | | | 7 | AES with 128-bit key | [AES] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 9 | AES with 256-bit key | [RFC9580] | | | 8 | AES with 192-bit key | [RFC9580] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 10 | Twofish with 256-bit key | [TWOFISH] | | | 9 | AES with 256-bit key | [RFC9580] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 11 | Camellia with 128-bit key | [RFC3713] | | | 10 | Twofish with 256-bit key | [TWOFISH] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 12 | Camellia with 192-bit key | [RFC9580] | | | 11 | Camellia with 128-bit key | [RFC3713] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 13 | Camellia with 256-bit key | [RFC9580] | | | 12 | Camellia with 192-bit key | [RFC9580] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 100-110 | Private or Experimental Use | [RFC9580] | | | 13 | Camellia with 256-bit key | [RFC9580] | | |||
| +---------+-----------------------------------+----------------+ | +---------+------------------------------+--------------------------+ | |||
| | 253-255 | Reserved to avoid collision with | See Table 2 | | | 100-110 | Private or Experimental Use | [RFC9580] | | |||
| | | Secret Key Encryption | and [RFC9580], | | +---------+------------------------------+--------------------------+ | |||
| | | | Section 5.5.3 | | | 253-255 | Reserved to avoid collision | See Table 2 | | |||
| +---------+-----------------------------------+----------------+ | | | with Secret Key Encryption | and [RFC9580], | | |||
| | | | Section 5.5.3 | | ||||
| +---------+------------------------------+--------------------------+ | ||||
| Table 21: OpenPGP Symmetric Key Algorithms Registry | Table 21: OpenPGP Symmetric Key Algorithms Registry | |||
| Implementations MUST implement AES-128. Implementations SHOULD | Implementations MUST implement AES-128. Implementations SHOULD | |||
| implement AES-256. Implementations MUST NOT encrypt data with IDEA, | implement AES-256. Implementations MUST NOT encrypt data with IDEA, | |||
| TripleDES, or CAST5. Implementations MAY decrypt data that uses | TripleDES, or CAST5. Implementations MAY decrypt data that uses | |||
| IDEA, TripleDES, or CAST5 for the sake of reading older messages or | IDEA, TripleDES, or CAST5 for the sake of reading older messages or | |||
| new messages from implementations predating support for [RFC2440]. | new messages from implementations predating support for [RFC2440]. | |||
| An Implementation that decrypts data using IDEA, TripleDES, or CAST5 | An Implementation that decrypts data using IDEA, TripleDES, or CAST5 | |||
| SHOULD generate a deprecation warning about the symmetric algorithm, | SHOULD generate a deprecation warning about the symmetric algorithm, | |||
| indicating that message confidentiality is suspect. Implementations | indicating that message confidentiality is suspect. Implementations | |||
| MAY implement any other algorithm. | MAY implement any other algorithm. | |||
| skipping to change at line 6917 ¶ | skipping to change at line 6920 ¶ | |||
| Table 5. | Table 5. | |||
| IANA has renamed the "Key Server Preference Extensions" registry to | IANA has renamed the "Key Server Preference Extensions" registry to | |||
| "OpenPGP Key Server Preference Flags" and updated its contents as | "OpenPGP Key Server Preference Flags" and updated its contents as | |||
| shown in Table 8. | shown in Table 8. | |||
| IANA has renamed the "Key Flags Extensions" registry to "OpenPGP Key | IANA has renamed the "Key Flags Extensions" registry to "OpenPGP Key | |||
| Flags" and updated its contents as shown in Table 9. | Flags" and updated its contents as shown in Table 9. | |||
| IANA has renamed the "Reason for Revocation Extensions" registry to | IANA has renamed the "Reason for Revocation Extensions" registry to | |||
| "OpenPGP Reason for Revocation Code" and updated its contents as | "OpenPGP Reason for Revocation (Revocation Octet)" and updated its | |||
| shown in Table 10. | contents as shown in Table 10. | |||
| IANA has renamed the "Implementation Features" registry to "OpenPGP | IANA has renamed the "Implementation Features" registry to "OpenPGP | |||
| Features Flags" and updated its contents as shown in Table 11. | Features Flags" and updated its contents as shown in Table 11. | |||
| IANA has renamed the "PGP User Attribute Types" registry to "OpenPGP | IANA has renamed the "PGP User Attribute Types" registry to "OpenPGP | |||
| User Attribute Subpacket Types" and updated its contents as shown in | User Attribute Subpacket Types" and updated its contents as shown in | |||
| Table 13. | Table 13. | |||
| IANA has renamed the "Image Format Subpacket Types" registry to | IANA has renamed the "Image Format Subpacket Types" registry to | |||
| "OpenPGP Image Attribute Encoding Format" and updated its contents as | "OpenPGP Image Attribute Encoding Format" and updated its contents as | |||
| skipping to change at line 7754 ¶ | skipping to change at line 7757 ¶ | |||
| 0x0069 00 Compression: [none] | 0x0069 00 Compression: [none] | |||
| 0x006a 02 subpkt length | 0x006a 02 subpkt length | |||
| 0x006b 9b critical subpkt: Key Flags | 0x006b 9b critical subpkt: Key Flags | |||
| 0x006c 03 Key Flags: {certify, sign} | 0x006c 03 Key Flags: {certify, sign} | |||
| 0x006d 02 subpkt length | 0x006d 02 subpkt length | |||
| 0x006e 1e subpkt type: Features | 0x006e 1e subpkt type: Features | |||
| 0x006f 09 Features: {SEIPDv1, SEIPDv2} | 0x006f 09 Features: {SEIPDv1, SEIPDv2} | |||
| 0x0070 22 subpkt length | 0x0070 22 subpkt length | |||
| 0x0071 21 subpkt type: Issuer Fingerprint | 0x0071 21 subpkt type: Issuer Fingerprint | |||
| 0x0072 06 Fingerprint version 6 | 0x0072 06 Fingerprint version 6 | |||
| 0x0073 cb 18 6c 4f 06 Issuer Fingerprint | 0x0073 cb 18 6c 4f 06 Fingerprint | |||
| 0x0078 09 a6 97 e4 d5 2d fa 6c | 0x0078 09 a6 97 e4 d5 2d fa 6c | |||
| 0x0080 72 2b 0c 1f 1e 27 c1 8a | 0x0080 72 2b 0c 1f 1e 27 c1 8a | |||
| 0x0088 56 70 8f 65 25 ec 27 ba | 0x0088 56 70 8f 65 25 ec 27 ba | |||
| 0x0090 d9 ac c9 | 0x0090 d9 ac c9 | |||
| 0x0093 05 subpkt length | 0x0093 05 subpkt length | |||
| 0x0094 27 subpkt type: Pref. AEAD Ciphersuites | 0x0094 27 subpkt type: Pref. AEAD Ciphersuites | |||
| 0x0095 09 02 07 Ciphersuites: | 0x0095 09 02 07 Ciphersuites: | |||
| 0x0098 02 [ AES256-OCB, AES128-OCB ] | 0x0098 02 [ AES256-OCB, AES128-OCB ] | |||
| 0x0099 06 sig version | 0x0099 06 sig version | |||
| 0x009a ff sentinel octet | 0x009a ff sentinel octet | |||
| skipping to change at line 8197 ¶ | skipping to change at line 8200 ¶ | |||
| 0x0060 28 6e 11 77 d0 0f 88 8a | 0x0060 28 6e 11 77 d0 0f 88 8a | |||
| 0x0068 db 31 c4 | 0x0068 db 31 c4 | |||
| The same data, broken out by octet and semantics, is: | The same data, broken out by octet and semantics, is: | |||
| 0x0000 d2 packet type: SEIPD | 0x0000 d2 packet type: SEIPD | |||
| 0x0001 69 packet length | 0x0001 69 packet length | |||
| 0x0002 02 SEIPD version 2 | 0x0002 02 SEIPD version 2 | |||
| 0x0003 07 cipher: AES128 | 0x0003 07 cipher: AES128 | |||
| 0x0004 02 AEAD mode: OCB | 0x0004 02 AEAD mode: OCB | |||
| 0x0005 06 chunk size (2**12 octets) | 0x0005 06 chunk size (2^12 octets) | |||
| 0x0006 61 64 salt | 0x0006 61 64 salt | |||
| 0x0008 16 53 5b e0 b0 71 6d 60 | 0x0008 16 53 5b e0 b0 71 6d 60 | |||
| 0x0010 e0 52 a5 6c 4c 40 7f 9e | 0x0010 e0 52 a5 6c 4c 40 7f 9e | |||
| 0x0018 b3 6b 0e fa fe 9a d0 a0 | 0x0018 b3 6b 0e fa fe 9a d0 a0 | |||
| 0x0020 df 9b 03 3c 69 a2 | 0x0020 df 9b 03 3c 69 a2 | |||
| 0x0026 1b a9 chunk #0 encrypted data | 0x0026 1b a9 chunk #0 encrypted data | |||
| 0x0028 eb d2 c0 ec 95 bf 56 9d | 0x0028 eb d2 c0 ec 95 bf 56 9d | |||
| 0x0030 25 c9 99 ee 4a 3d e1 70 | 0x0030 25 c9 99 ee 4a 3d e1 70 | |||
| 0x0038 58 f4 0d fa 8b 4c 68 2b | 0x0038 58 f4 0d fa 8b 4c 68 2b | |||
| 0x0040 e3 fb bb d7 b2 7e b0 f5 | 0x0040 e3 fb bb d7 b2 7e b0 f5 | |||
| skipping to change at line 8381 ¶ | skipping to change at line 8384 ¶ | |||
| 0x0060 f5 e2 25 5c a7 82 61 54 | 0x0060 f5 e2 25 5c a7 82 61 54 | |||
| 0x0068 6e 33 9a | 0x0068 6e 33 9a | |||
| The same data, broken out by octet and semantics, is: | The same data, broken out by octet and semantics, is: | |||
| 0x0000 d2 packet type: SEIPD | 0x0000 d2 packet type: SEIPD | |||
| 0x0001 69 packet length | 0x0001 69 packet length | |||
| 0x0002 02 SEIPD version 2 | 0x0002 02 SEIPD version 2 | |||
| 0x0003 07 cipher: AES128 | 0x0003 07 cipher: AES128 | |||
| 0x0004 01 AEAD mode: EAX | 0x0004 01 AEAD mode: EAX | |||
| 0x0005 06 chunk size (2**12 octets) | 0x0005 06 chunk size (2^12 octets) | |||
| 0x0005 9f f9 salt | 0x0005 9f f9 salt | |||
| 0x0008 0e 3b 32 19 64 f3 a4 29 | 0x0008 0e 3b 32 19 64 f3 a4 29 | |||
| 0x0010 13 c8 dc c6 61 93 25 01 | 0x0010 13 c8 dc c6 61 93 25 01 | |||
| 0x0018 52 27 ef b7 ea ea a4 9f | 0x0018 52 27 ef b7 ea ea a4 9f | |||
| 0x0020 04 c2 e6 74 17 5d | 0x0020 04 c2 e6 74 17 5d | |||
| 0x0026 4a 3d chunk #0 encrypted data | 0x0026 4a 3d chunk #0 encrypted data | |||
| 0x0028 22 6e d6 af cb 9c a9 ac | 0x0028 22 6e d6 af cb 9c a9 ac | |||
| 0x0030 12 2c 14 70 e1 1c 63 d4 | 0x0030 12 2c 14 70 e1 1c 63 d4 | |||
| 0x0038 c0 ab 24 1c 6a 93 8a d4 | 0x0038 c0 ab 24 1c 6a 93 8a d4 | |||
| 0x0040 8b f9 9a 5a 99 b9 0b ba | 0x0040 8b f9 9a 5a 99 b9 0b ba | |||
| skipping to change at line 8557 ¶ | skipping to change at line 8560 ¶ | |||
| 0x0060 69 4a 87 7a d4 24 73 23 | 0x0060 69 4a 87 7a d4 24 73 23 | |||
| 0x0068 f6 e8 57 | 0x0068 f6 e8 57 | |||
| The same data, broken out by octet and semantics, is: | The same data, broken out by octet and semantics, is: | |||
| 0x0000 d2 packet type: SEIPD | 0x0000 d2 packet type: SEIPD | |||
| 0x0001 69 packet length | 0x0001 69 packet length | |||
| 0x0002 02 SEIPD version 2 | 0x0002 02 SEIPD version 2 | |||
| 0x0003 07 cipher: AES128 | 0x0003 07 cipher: AES128 | |||
| 0x0004 02 AEAD mode: OCB | 0x0004 02 AEAD mode: OCB | |||
| 0x0005 06 chunk size (2**21 octets) | 0x0005 06 chunk size (2^12 octets) | |||
| 0x0006 20 a6 salt | 0x0006 20 a6 salt | |||
| 0x0008 61 f7 31 fc 9a 30 32 b5 | 0x0008 61 f7 31 fc 9a 30 32 b5 | |||
| 0x0010 62 33 26 02 7e 3a 5d 8d | 0x0010 62 33 26 02 7e 3a 5d 8d | |||
| 0x0018 b5 74 8e be ff 0b 0c 59 | 0x0018 b5 74 8e be ff 0b 0c 59 | |||
| 0x0020 10 d0 9e cd d6 41 | 0x0020 10 d0 9e cd d6 41 | |||
| 0x0026 ff 9f chunk #0 encrypted data | 0x0026 ff 9f chunk #0 encrypted data | |||
| 0x0028 d3 85 62 75 80 35 bc 49 | 0x0028 d3 85 62 75 80 35 bc 49 | |||
| 0x0030 75 4c e1 bf 3f ff a7 da | 0x0030 75 4c e1 bf 3f ff a7 da | |||
| 0x0038 d0 a3 b8 10 4f 51 33 cf | 0x0038 d0 a3 b8 10 4f 51 33 cf | |||
| 0x0040 42 a4 10 0a 83 ee f4 ca | 0x0040 42 a4 10 0a 83 ee f4 ca | |||
| skipping to change at line 8731 ¶ | skipping to change at line 8734 ¶ | |||
| 0x0060 ff 43 31 f1 63 29 07 39 | 0x0060 ff 43 31 f1 63 29 07 39 | |||
| 0x0068 9e 6f f9 | 0x0068 9e 6f f9 | |||
| The same data, broken out by octet and semantics, is: | The same data, broken out by octet and semantics, is: | |||
| 0x0000 d2 packet type: SEIPD | 0x0000 d2 packet type: SEIPD | |||
| 0x0001 69 packet length | 0x0001 69 packet length | |||
| 0x0002 02 SEIPD version 2 | 0x0002 02 SEIPD version 2 | |||
| 0x0003 07 cipher: AES128 | 0x0003 07 cipher: AES128 | |||
| 0x0004 03 AEAD mode: GCM | 0x0004 03 AEAD mode: GCM | |||
| 0x0005 06 chunk size (2**21 octets) | 0x0005 06 chunk size (2^12 octets) | |||
| 0x0006 fc b9 salt | 0x0006 fc b9 salt | |||
| 0x0008 44 90 bc b9 8b bd c9 d1 | 0x0008 44 90 bc b9 8b bd c9 d1 | |||
| 0x0010 06 c6 09 02 66 94 0f 72 | 0x0010 06 c6 09 02 66 94 0f 72 | |||
| 0x0018 e8 9e dc 21 b5 59 6b 15 | 0x0018 e8 9e dc 21 b5 59 6b 15 | |||
| 0x0020 76 b1 01 ed 0f 9f | 0x0020 76 b1 01 ed 0f 9f | |||
| 0x0026 fc 6f chunk #0 encrypted data | 0x0026 fc 6f chunk #0 encrypted data | |||
| 0x0028 c6 d6 5b bf d2 4d cd 07 | 0x0028 c6 d6 5b bf d2 4d cd 07 | |||
| 0x0030 90 96 6e 6d 1e 85 a3 00 | 0x0030 90 96 6e 6d 1e 85 a3 00 | |||
| 0x0038 53 78 4c b1 d8 b6 a0 69 | 0x0038 53 78 4c b1 d8 b6 a0 69 | |||
| 0x0040 9e f1 21 55 a7 b2 ad 62 | 0x0040 9e f1 21 55 a7 b2 ad 62 | |||
| skipping to change at line 8814 ¶ | skipping to change at line 8817 ¶ | |||
| -----BEGIN PGP MESSAGE----- | -----BEGIN PGP MESSAGE----- | |||
| wzwGGgcDCwMI6dOXhbIHAAj/tC58SD70iERXyzcmubPbn/d25fTZpAlS4kRymIUa | wzwGGgcDCwMI6dOXhbIHAAj/tC58SD70iERXyzcmubPbn/d25fTZpAlS4kRymIUa | |||
| v/91Jt8t1VRBdXmneZ/SaQIHAwb8uUSQvLmLvcnRBsYJAmaUD3LontwhtVlrFXax | v/91Jt8t1VRBdXmneZ/SaQIHAwb8uUSQvLmLvcnRBsYJAmaUD3LontwhtVlrFXax | |||
| Ae0Pn/xvxtZbv9JNzQeQlm5tHoWjAFN4TLHYtqBpnvEhVaeyrWJYUxtXZR/Xd3kS | Ae0Pn/xvxtZbv9JNzQeQlm5tHoWjAFN4TLHYtqBpnvEhVaeyrWJYUxtXZR/Xd3kS | |||
| +pXjXZtAIW9ppMJI2yj/QzHxYykHOZ5v+Q== | +pXjXZtAIW9ppMJI2yj/QzHxYykHOZ5v+Q== | |||
| -----END PGP MESSAGE----- | -----END PGP MESSAGE----- | |||
| A.12. Sample Messages Encrypted Using Argon2 | A.12. Sample Messages Encrypted Using Argon2 | |||
| These messages are the literal data "Hello, world!" encrypted using | These messages are the literal data Hello, world! encrypted using v1 | |||
| v1 SEIPD, with Argon2 and the passphrase "password", using different | SEIPD, with Argon2 and the passphrase "password", using different | |||
| session key sizes. In each example, the choice of symmetric cipher | session key sizes. In each example, the choice of symmetric cipher | |||
| is the same in both the v4 SKESK packet and v1 SEIPD packet. In all | is the same in both the v4 SKESK packet and v1 SEIPD packet. In all | |||
| cases, the Argon2 parameters are t = 1, p = 4, and m = 21. | cases, the Argon2 parameters are t = 1, p = 4, and m = 21. | |||
| A.12.1. Version 4 SKESK Using Argon2 with AES-128 | A.12.1. Version 4 SKESK Using Argon2 with AES-128 | |||
| -----BEGIN PGP MESSAGE----- | -----BEGIN PGP MESSAGE----- | |||
| Comment: Encrypted using AES with 128-bit key | Comment: Encrypted using AES with 128-bit key | |||
| Comment: Session key: 01FE16BBACFD1E7B78EF3B865187374F | Comment: Session key: 01FE16BBACFD1E7B78EF3B865187374F | |||
| End of changes. 14 change blocks. | ||||
| 103 lines changed or deleted | 106 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. | ||||