projects / u / mdw / catacomb / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
catcrypt security fix: sign metadata.
[u/mdw/catacomb] / catcrypt.1
diff --git a/catcrypt.1 b/catcrypt.1
index 6803067..d4ef3e1 100644 (file)
--- a/catcrypt.1
+++ b/catcrypt.1
@@ -685,8 +685,9 @@ Use the first bits of the keystream to key a symmetric encryption
 scheme; use the next bits to key a message authentication code.
 .hP 4.
 If we're signing the message then extract 1024 bytes from the keystream,
-sign them, and emit a packet containing the signature.  The signature
-packet doesn't contain the signed message, just the signature.
+sign the header and public value, and the keystream bytes; emit a packet
+containing the signature.  The signature packet doesn't contain the
+signed message, just the signature.
 .hP 5.
 Split the message into blocks.  For each block, pick a random IV from
 the keystream, encrypt the block and emit a packet containing the
Catacomb cryptographic library (downstream of http://git.distorted.org.uk/~mdw/catacomb/)