Mailing List Archive

use key, not passphrase, in symmetric encryption
I want to encrypt a file symmetrically but use a key instead of a
passphrase.

Is this possible?

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: use key, not passphrase, in symmetric encryption
On 10/16/2011 14:37, sweepslate wrote:
> I want to encrypt a file symmetrically but use a key instead of a
> passphrase.

It's sort of hard to understand what you're trying to accomplish, can
you give us more details?


Doug

Re: use key, not passphrase, in symmetric encryption
The end goal is to encrypt a volume of around 100GB of personal files
that I'll be carrying around with me in a portable drive.

It's around 14000 files, so I can't possibly encrypt them one-by-one
interactively! Doing a tarball is going to be time-consuming,
space-consuming [1], and cumbersome. Also the process can't be stopped (and
it's going to be a big process), and the only thing I'm gaining is
hiding the original filenames, which I do not care about in this scenario. So
I'd like to avoid the tarball. If possible.

So I concluded that I need a non-interactive, 'scriptable' if you'd
like, way to perform the action.

I wanted to use symmetric so as not to add unnecessary complexity to the
solution. I'm only encrypting to myself.

I wanted to use something larger than a passphrase so I wondered if I
can use a key. But on a second thought, I could use a SHA512SUM as a
passphrase, which is 128 bytes in length. That makes it 1024 bits;
correct? It's like a small key. I could use 4 of them combined for the
strength of a key of 4096 bits.

If it's not possible to use a key or a 128-512 bytes passphrase, I could
go for the classic way of public-private key. But I want to keep public
key encryption as a last resort (I have reasons additional to complexity).

The key point is doing the encryption of 14000 files in a
non-interactive way.

[1] While encrypting single files can be done progressively, in the same
drive, without requiring extra space.

On 10/17/2011 4:37 AM, Doug Barton wrote:
> On 10/16/2011 14:37, sweepslate wrote:
>> I want to encrypt a file symmetrically but use a key instead of a
>> passphrase.
>
> It's sort of hard to understand what you're trying to accomplish, can
> you give us more details?
>
>
> Doug

Re: use key, not passphrase, in symmetric encryption
On 10/17/2011 7:51 AM, sweepslate wrote:
> I wanted to use something larger than a passphrase so I wondered if I
> can use a key. But on a second thought, I could use a SHA512SUM as a
> passphrase, which is 128 bytes in length. That makes it 1024 bits;
> correct? It's like a small key. I could use 4 of them combined for the
> strength of a key of 4096 bits.

Other people will explain how to use various command-line options to do
what you want: me, I'm going to offer a hopefully polite correction.

Asymmetric key lengths cannot be directly compared to symmetric key
lengths. A 128-bit *symmetric* cipher is roughly a trillion times
stronger than a 1024-bit *asymmetric* cipher: in fact, the general
understanding is that a 128-bit symmetric cipher is comparable to a
3072-bit asymmetric cipher.

You can use symmetric cryptography, driven by a passphrase and hashed
with a good algorithm, with confidence.


Re: use key, not passphrase, in symmetric encryption
On Monday, 17 October 2011, 13:51:03, sweepslate wrote:
> The end goal is to encrypt a volume of around 100GB of personal files
> that I'll be carrying around with me in a portable drive.

> The key point is doing the encryption of 14000 files in a
> non-interactive way.

echo fubar | gpg --symmetric --passphrase-fd 0 --batch file.txt

Or use --passphrase-file


Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
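
Added example (not part of the original thread): the --passphrase-file approach from the message above, extended into a resumable loop over a whole directory tree. It assumes GnuPG 2.1 or later (hence --pinentry-mode loopback) and a passphrase file kept somewhere other than the portable drive; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: non-interactive symmetric encryption of a file tree with gpg.
# Assumption: GnuPG 2.1+; on 1.4/2.0 drop the --pinentry-mode option.

# Write a random 256-bit passphrase (64 hex characters) to $1, mode 0600.
# gpg reads only the first line of a --passphrase-file.
make_passfile() {
    ( umask 077
      head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' > "$1"
      echo >> "$1" )
}

# Encrypt every regular file under directory $2 using passphrase file $1.
# FILE becomes FILE.gpg; the plaintext is removed only after gpg succeeds,
# so an interrupted run can be restarted and skips what is already done.
# Pass $2 as a path such as ./files; file names containing newlines are
# not handled. rm does not overwrite the old plaintext blocks on disk.
encrypt_tree() {
    passfile=$1 root=$2
    find "$root" -type f ! -name '*.gpg' ! -name '*.gpg.part' |
    while IFS= read -r f; do
        if gpg --batch --yes --pinentry-mode loopback \
               --passphrase-file "$passfile" \
               --symmetric --cipher-algo AES256 \
               --output "$f.gpg.part" "$f"
        then
            mv -- "$f.gpg.part" "$f.gpg" && rm -- "$f"
        else
            rm -f -- "$f.gpg.part"
            echo "failed: $f" >&2
        fi
    done
}

# Decrypt one file produced above to standard output.
decrypt_file() {
    gpg --batch --quiet --pinentry-mode loopback \
        --passphrase-file "$1" --decrypt "$2"
}

# Usage: sh encrypt-tree.sh PASSFILE DIRECTORY
if [ "$#" -eq 2 ]; then encrypt_tree "$1" "$2"; fi
```

Unlike `echo fubar | gpg ...`, reading the passphrase from a mode-0600 file keeps it out of the shell history and the script itself.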
Re: use key, not passphrase, in symmetric encryption
On Mon, Oct 17, 2011 at 7:51 AM, sweepslate <sweepslate@gmail.com> wrote:
> The end goal is to encrypt a volume of around 100GB of personal files that
> I'll be carrying around with me in a portable drive.

I like GnuPG as much as the next guy around here, but is there a
reason you want to use GPG instead of a tool designed for disk
encryption? TrueCrypt is cross-platform and works well... if you're
Windows-only, there's BitLocker, and for Linux there's LUKS/dm-crypt
and eCryptFS.



--
David Tomaschik, RHCE, LPIC-1
System Administrator/Open Source Advocate
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david@systemoverlord.com

Re: use key, not passphrase, in symmetric encryption
This works, thank you :)

On 10/17/2011 4:09 PM, Hauke Laging wrote:
> On Monday, 17 October 2011, 13:51:03, sweepslate wrote:
>> The end goal is to encrypt a volume of around 100GB of personal files
>> that I'll be carrying around with me in a portable drive.
>
>> The key point is doing the encryption of 14000 files in a
>> non-interactive way.
>
> echo fubar | gpg --symmetric --passphrase-fd 0 --batch file.txt
>
> Or use --passphrase-file
>
>
> Hauke

Re: use key, not passphrase, in symmetric encryption
On 10/17/2011 4:49 PM, David Tomaschik wrote:
> I like GnuPG as much as the next guy around here, but is there a
> reason you want to use GPG instead of a tool designed for disk
> encryption? TrueCrypt is cross-platform and works well... if you're
> Windows-only, there's BitLocker, and for Linux there's LUKS/dm-crypt
> and eCryptFS.

I don't want to do disk encryption, I want to do file encryption.

GPG is more easily available than TrueCrypt and I care for a simple
scenario where I will be able to decrypt one or more files with minimal
setup. I can carry the Win32 GPG binaries inside the hard drive.

TrueCrypt would provide a more transparent and automated solution but
the cost would be simplicity.
