From aaa2361e4d7491eb3454bdede6eeeb95c35d1691 Mon Sep 17 00:00:00 2001
From: mdw <mdw>
Date: Mon, 4 Oct 2004 08:16:38 +0000
Subject: [PATCH] Observe in the manpage that catcrypt prevents file truncation
 by securely marking the end of the ciphertext.

---
 catcrypt.1 | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/catcrypt.1 b/catcrypt.1
index 603d1d1..e38f441 100644
--- a/catcrypt.1
+++ b/catcrypt.1
@@ -664,7 +664,12 @@ packet doesn't contain the signed message, just the signature.
 .hP 5.
 Split the message into blocks.  For each block, pick a random IV from
 the keystream, encrypt the block and emit a packet containing the
-IV, ciphertext and a MAC tag.
+IV, ciphertext, and a MAC tag over the ciphertext and a sequence number.
+.hP 6.
+The last chunk is the encryption of an empty plaintext block.  No
+previous plaintext block is empty.  This lets us determine the
+difference between a complete file and one that's been maliciously
+truncated.
 .PP
 That's it.  Nothing terribly controversial, really.
 .SH "SEE ALSO"
-- 
2.11.0