Padding for OpenPGP messages.
To reduce the amount of information leaked via the message length, encrypted OpenPGP messages (see Section 10.3 of RFC 9580) should be padded.
To pad a message using the streaming serialization interface, the
Padder needs to be inserted into the writing stack between the
Encryptor and Signer. This is illustrated in this
example.
Padding in OpenPGP
RFC 9580 introduced a padding packet that will be emitted when composing an RFC 9580 message. Unfortunately, RFC 4880 does not have a robust way to pad messages. Therefore, when composing an RFC 4880 message, the message will not be padded.
To be effective, the padding layer must be placed inside the
encryption container. To increase compatibility, the padding
layer must not be signed. That is to say, the message structure
should be (encryption (ops literal signature padding)).
Structs
- Padder: Pads a packet stream.
Functions
- padme: Padmé padding scheme.
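To show what a Padmé-style policy does to the observable message length, the following added example (not Sequoia's source code) implements the published Padmé length rule in standalone Rust and counts how many distinct padded lengths remain for a range of plaintext lengths. The names `padme_len` and `distinct_padded_lengths`, and the handling of lengths below 2 and of overflow, are assumptions of this example.

```rust
use std::collections::BTreeSet;

/// Floor of log2(x) for x >= 1.
fn floor_log2(x: u64) -> u32 {
    63 - x.leading_zeros()
}

/// Padded length for a `len`-byte message under the Padmé rule.
/// Returns None if rounding up would overflow u64.
fn padme_len(len: u64) -> Option<u64> {
    if len < 2 {
        // The rule is undefined below 2; this example leaves such
        // lengths unchanged (an assumption, not taken from the page).
        return Some(len);
    }
    let e = floor_log2(len);          // position of the top set bit
    let s = floor_log2(e as u64) + 1; // bits needed to write e itself
    let z = e - s;                    // number of low bits forced to zero
    let mask = (1u64 << z) - 1;
    // Round up to the next multiple of 2^z.
    len.checked_add(mask).map(|v| v & !mask)
}

/// How many different padded lengths an observer can see for
/// plaintext lengths in lo..=hi.
fn distinct_padded_lengths(lo: u64, hi: u64) -> usize {
    (lo..=hi).filter_map(padme_len).collect::<BTreeSet<u64>>().len()
}

fn main() {
    // Constructed sample lengths, in bytes.
    for len in [9u64, 100, 1000, 1025, 1_000_000] {
        let padded = padme_len(len).expect("no overflow for sample sizes");
        println!("{:>9} -> {:>9} (+{} bytes)", len, padded, padded - len);
    }
    println!(
        "lengths 1024..=2047 collapse to {} observable sizes",
        distinct_padded_lengths(1024, 2047)
    );
}
```
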