added CBC encryption mode (configure --enable-cbc)

2025-12-17 20:00:58 +01:00 · 2014-01-28 12:20:30 +01:00
parent ad009a8142
commit 5ae1d07067
9 changed files with 166 additions and 65 deletions
--- a/11
+++ b/11
@@ -24,7 +24,7 @@

 	Detached signatures are still supported as before,
 	for the user everything with them is as known, but
-	the commandline option -a (--detach) have to be
+	the commandline option -f (--sigfile) have to be
 	applied. Internally, however, inputs will be read in
 	32k blockwise as well. Detached signatures are now
 	z85 encoded always.
@@ -39,6 +39,15 @@
 	doesn't verify. Currently pcp1 failes in this case,
 	but leaves the decrypted result on disk. Hm...

+	The default encryption mode with pcp (and pbp as of
+	this writing) is ECB. Each 32k block is encrypted
+	independently. While ECB is generally a bad choice,
+	the 32k blocksize compensates for it. However, just
+	to have to option, if we decide to use CBC instead,
+	I already implemented it. It must be enabled at
+	compile time with ./configure --enable-cbc. CBC mode
+	in PCP uses a blocksize of 1k.
+
 0.1.5   Fixed a segmentation fault when using pcp1 -t on a
 	public key. I added a double free() there by purpose
 	to test segfault catching I added in unittest.pl