GPG Implementation of Symmetric Operations,
and To-Self Encryption
qed at tiscali.it
Mon Jun 5 00:09:22 CEST 2006
-----BEGIN PGP SIGNED MESSAGE-----
On 06/04/2006 10:36 PM, utternoncesense at gmail.com wrote:
> Firstly, in pure RSA/ElGamal etc, there is no passphrase U - there's
> numbers p,q,g,a,b, etc.
Only when you encrypt.
> The way I understand it:
> Your secret key is encrypted using your passphrase. Your passphrase
> essentially acts as a symmetric key, one never stored anywhere except
> your head. Am I correct in the belief that this is how it works? I
> imagine it's some type of hashing or somesuch. If you don't want to
> give all the details of transformation from passphrase to key, that's
> okay, just want to make sure I understand it.
> Secondly, Using the option --symmetric creates a .gpg file and prompts
> you for a passphrase that the symmetric key is based on. Decrypting a
> Symmetric-ly Encrypted file is done by generic --decrypt option, and
> the header, non-encrypted part of the file says "Hey this is
> symmetric, prompt for a passphrase"
> Thirdly, GPG is based upon a hybrid system entirely.
Only when you use public key encryption.
> The data of any file is ALWAYS encrypted symmetrically, and a symmetric
> key is made for each encryption use.
It is called "session key".
> The symmetric key used is then encrypted with the public key of the
> recipient and the whole thing is bundled together.
> If I'm encypting something already zipped or compressed in any other
> method, I should use -z 0 because trying to compress it further isn't
> likely to do much, and it will slow down the processing - right?
Gnupg is aware of different compression algos(bzip2, zlib, zip) and when
encounters such a compressed file disable compression automatically.
> RSA & ElGamal use keys around 1024-2048 usually.
1024 RSA/ElGamal is considered semi-weak.
> EC uses 160-224 bit keys, but is based on mostly different math
> (it may be equivalent at some level, but I'm neither aware nor able
> to understand anythig beyond yes or no on that topic).
> AES uses 256 bit. It's not allowed to go over 256 bit. This is because
> it's an entirely different area of cryptography?
This is because AES doesn't allow this. Stop.
> Block Ciphers as opposed to integer factorization,
> discrete logs, or curvature? And comparing key lengths between the
> three areas (IF/DS, EC, Block) without any normalization
You could read NIST Special Pubblication 800-57 section 5.6.1 about this
> Some questions I couldn't find answers too online:
> RSA, ElGamal - I've always learned them as Asymmetric Ciphers - Public
> Key/Private Key. What algorithm does GPG use for the symmetric side
> of things? What's the size of the key? (the size of the key chosen
> for the Keypair?)
gpg --versions shows supported algorithms. Many symmetric ciphers allow
only a fixed length key by desing(IDEA, CAST5, 3DES); others(AES,
TWOFISH, BLOWFISH) can be used with different key sizes, but only AES is
used in such a way in OpenPGP.
> For encryption of documents to myself, I can:
> - Use Symmetric Encryption with a passphrase of my choosing. But a
> passphrase seems weaker than a full blown key.
You still use a passphrase to protect the secret part of your keyring,
this is the weak link of most cryptosystems.
> - Is there an option to have a Symmetric Key, that behaves like both a
> public and a private key? Obviously you'd have to not publish your
> the key, but apart from that?
If you must not publish it, what makes it a public key?
Hmmm, some bells start ringing in my head. Is this a homework assignment?
> --throw-keyid --encrypt-to-self will produce a file that, considering
> all available information available in the file, is known ONLY to be
> encrypted by GPG X.Y.Z with the private key of some individual. But
> may only be decrypted by myself (because it's encrypted to myself).
This is wrong twice. Guess why.
> What would happen if I tried --symmetric --throw-keyid ?
> Does ElGamal double the size of the encrypted document if used without
This is DEFINITELY a homework assignment! Ever heard of Google? It is
the holy saint of high school students.
ICQ UIN: 301825501
OpenPGP key ID: 0x58D14EB3
Key fingerprint: 00B9 3E17 630F F2A7 FF96 DA6B AEE0 EC27 58D1 4EB3
Check fingerprints before trusting a key!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-users