From 9e5f5154b45c464d6babd198245500b251d9bf58 Mon Sep 17 00:00:00 2001 From: Mirek Kratochvil Date: Wed, 19 Mar 2014 09:33:34 +0100 Subject: [PATCH] man: update FAQ --- man/ccr.1 | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/man/ccr.1 b/man/ccr.1 index 6b30c66..f2e15eb 100644 --- a/man/ccr.1 +++ b/man/ccr.1 @@ -266,9 +266,11 @@ can rename or delete more keys at once. Codecrypt is not very good for working directly with large files. Because of the message format and code clarity, whole input files and messages are usually loaded into memory before getting signed/encrypted. Fixing the problem requires -some deep structural changes in Codecrypt, but you can easily workaround the -whole problem using symmetric ciphers (for encryption of large files) or -hashfiles (for signatures of large files). See the \fB\-\-symmetric\fR option. +some deep structural changes in Codecrypt that would break most of the achieved +internal simplicity, therefore the fix is probably not going to happen. You can +easily workaround the whole problem using symmetric ciphers (for encryption of +large files) or hashfiles (for signatures of large files). See the +\fB\-\-symmetric\fR option. FMTSeq signatures are constructed from one-time signature scheme, for this reason the private key changes after each signature, basically by increasing @@ -303,6 +305,19 @@ A: KeyID algorithm changed after that version. If you want, you can manually rewrite the message sencode envelopes to contain new recipient/signer KeyIDs and new message identificators, things should work perfectly after that. +Q: Some signatures from version 1.5 and older fail to verify! + +A: There was a slight mistake in padding of messages shorter than signature +hash function size (64 bytes in the 256-bit-secure signature types) with no +security implications. It was decided not to provide backward compatibility for +this minor use-case. If you really need to verify such signatures, edit the +msg_pad function in src/algos_sig.h so that the `load_key()' function os called +on empty vector instead of `out'. + +Q: I want to sign/encrypt a large file but it took all my RAM and takes ages! + +A: Use \fB--symmetric\fR option. See the `CAVEATS' section for more details. + .SH EXAMPLE Following commands roughly demonstrate command line usage of \fBccr\fR: .nf