How to split up gpg data into multiple volumes?
Werner Koch
wk@gnupg.org
Thu Aug 8 09:45:02 2002
On Wed, 07 Aug 2002 16:10:43 -0700, Ben Escoto said:
> 1. Stream in and out of a gpg process. Split the output up at the
> appropriate intervals and save it. This is what I'm doing now.
> It works, but is it possible to read one volume without starting
> from the beginning?
No. You need the session key which is stored in the beginning and the
last block from the previous chunk. We are suggesting to use the MDC
feature and thus it won't be possible at all.
> 2. Keep streaming data into a gpg process until its output surpasses
> a certain volume size (say 50MB). Then close that process, and
> make the next volume using a new gpg process. This way each
> volume can be decrypted individually.
This is what I would suggest.
> But is there a security risk here? The volumes will all be
> slightly different sizes, and it seems that other people can infer
> stuff about the data from the volume sizes.
I don't think so. The different sizes are due to the compression;
without compression we would be able to have gpg stop at certain
boundaries (i.e the block size of the cipher plus a fixed header and
suffix). Howver this would be quite some work without any real
advantage.
> 3. The ideal way: I encrypt each file separately, and when I near
> the volume limit, I tell gpg to "round" the data out, so it
> produces a file of exactly the required length. Can this be done?
It would be possible to pad the plaintext data but the standard says
nothing about it.
Shalom-Salam,
Werner