Justin Kolb
I have a vendor I send files to that sporadically has trouble decrypting
my BC files (most of the files work fine though). In an effort to
determine the reason and rule out whether or not BC is at fault I've
first focused on determining what PGP is doing to my files compared to
what BC is doing to my files. They never have trouble decrypting a PGP
made file. Doing some tests with a key I control I get a difference of
516 bytes between the PGP generated file and BC generated file.

I've traced down the difference to the Public Key Encrypted Data packet.
Both files are just plain encrypted and not signed and are using Elgamal
keys with CAST5 and SHA1, and are both using the same encrypting key.
Since I'm not an expert on decrypting the session key part of the packet
I cannot tell why they are different. The only guess I have why PGP
creates a longer packet is because it's encrypting to more than one key
thus generating more than one session key.

Can anyone verify that this guess is correct or not? If it's not, does
anyone know of any other reasons for a difference in size of the
encrypted packet when both files are encrypted using the same key,
algorithm, and hashing method?

Also as a side note I noticed that both PGP and BC use old and new
version packet lengths. What's ironic is that on the file I'm checking
they both alternate using the two versions in a way exactly opposite of
each other.

For example (given 3 consecutive packets in a file):
BC -> New version, Old version, New version
PGP-> Old version, New version, Old version

This is the only other major difference between the two that I have
noticed and might cause problems with my vendor's version of the PGP
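
Added example, not part of the original post: a small Python walker for binary OpenPGP packets (RFC 4880 header rules) that reports each packet's header format and lists the recipient key ID of every Public-Key Encrypted Session Key packet, so two files can be compared for the number of recipients. The function names and the sample bytes are constructed for illustration.

```python
def read_packets(data):
    """Walk top-level OpenPGP packets; return (tag, header_format, body) tuples."""
    packets, i = [], 0
    while i < len(data):
        first = data[i]
        i += 1
        if not first & 0x80:
            raise ValueError("not a binary OpenPGP packet (ASCII-armored input?)")
        body = b""
        if first & 0x40:                       # new-format header
            tag, fmt, last = first & 0x3F, "new", False
            while not last:
                o = data[i]
                i += 1
                last = True
                if o < 192:                    # one-octet length
                    n = o
                elif o < 224:                  # two-octet length
                    n = ((o - 192) << 8) + data[i] + 192
                    i += 1
                elif o == 255:                 # five-octet length
                    n = int.from_bytes(data[i:i + 4], "big")
                    i += 4
                else:                          # partial body chunk, more follow
                    n, last = 1 << (o & 0x1F), False
                body += data[i:i + n]
                i += n
        else:                                  # old-format header
            tag, fmt, ltype = (first >> 2) & 0x0F, "old", first & 0x03
            if ltype == 3:                     # indeterminate: runs to end of input
                n = len(data) - i
            else:
                n = int.from_bytes(data[i:i + (1 << ltype)], "big")
                i += 1 << ltype
            body = data[i:i + n]
            i += n
        packets.append((tag, fmt, body))
    return packets

def pkesk_recipients(data):
    """(key ID, public-key algorithm, body length) for each tag-1 packet."""
    return [(b[1:9].hex().upper(), b[9], len(b))
            for tag, _, b in read_packets(data) if tag == 1 and len(b) >= 10]

# Constructed sample: two tag-1 packets (old- then new-format header, made-up
# key IDs, dummy MPIs, algorithm 16 = Elgamal), then a tag-9 encrypted data packet.
_MPIS = b"\x00\x08\xAA" * 2
SAMPLE = (b"\x84\x10\x03" + b"\x11" * 8 + b"\x10" + _MPIS
          + b"\xC1\x10\x03" + b"\x22" * 8 + b"\x10" + _MPIS
          + b"\xA4\x04\xDE\xAD\xBE\xEF")
```

The input must be the binary form of the message; an ASCII-armored file has to be dearmored first.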