Local file encryption

John Clizbe JPClizbe at tx.rr.com
Mon Feb 19 17:05:53 CET 2007


eemaestro at gmail.com wrote:
> I have been using gpg to encrypt/decrypt files on my computer "for my
> eyes only".  I have been using my public/private keypair on my keyring
> to do so.   I just discovered that I can encrypt/decrypt local
> files using a symmetric cipher--i.e., you enter one secret passphrase
> to encrypt and then enter the same secret passphrase to decrypt.
> Since my encryption is only for files for myself, do you think using a
> symmetric cipher would be a better idea, or doesn't it matter?    Or
> is choice of a passphrase a bigger issue than the type of cipher --
> symmetric vs. public/private keypair ?

If your GnuPG keyring files reside on the computer, then either approach is
equivalent -- your protection is ultimately determined by the strength of the
chosen passphrase protecting the secret key or the encrypted file.

Either method will encrypt the file using a symmetric cipher. The difference is
that in OpenPGP, a random session key is generated and that is used to
symmetrically encrypt the file. Then, the session key is encrypted using the
chosen public key(s).

The passphrase is only one protection on your keypair and it's pretty much the
protection of last resort - given an easily guessable/brute-forced passphrase,
it's "Game-Over" if an attacker gets access to the keyring files. Another
protection is to physically secure your keyring files (or at the minimum, the
secret ring) by storing it on removable media of some sort: floppy, PCMCIA flash
card, USB dongle,... and removing that media when you leave the computer. Now,
an attacker must have both the media with the secret keyring as well as the
secret key's passphrase.

If removable media is not an option, or for additional security on removable
media, you may use a disk encryption product such as TrueCrypt to create an
encrypted volume to store your keyring files. (Hint: Use a new key and passphrase.)




-- 
John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"
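
The structural difference described in the reply above can be seen in the packet headers of the two kinds of message. This is an added example, not part of the original post or of GnuPG: a minimal reader for binary (non-armored) OpenPGP packet headers as laid out in RFC 4880, run over two constructed sample messages whose key ID and filler bytes are invented for illustration.

```python
# Packet tags from RFC 4880, section 4.3, relevant to this comparison.
TAGS = {1: "PKESK (session key encrypted to a public key)",
        3: "SKESK (key derived from a passphrase)",
        9: "symmetrically encrypted data",
        18: "symmetrically encrypted, integrity-protected data"}

def packets(data):
    """Yield (tag, body) for each packet in a binary OpenPGP message."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % i)
        if hdr & 0x40:                          # new-format header
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:                     # one-octet length
                length, i = first, i + 2
            elif first < 224:                   # two-octet length
                length, i = ((first - 192) << 8) + data[i + 2] + 192, i + 3
            elif first == 255:                  # five-octet length
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                   # old-format header
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if size == 8:                       # length type 3
                raise ValueError("indeterminate lengths are not handled here")
            length = int.from_bytes(data[i + 1:i + 1 + size], "big")
            i += 1 + size
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def describe(data):
    """Return one line per packet; for a v3 PKESK also show the recipient key ID."""
    out = []
    for tag, body in packets(data):
        line = TAGS.get(tag, "tag %d" % tag)
        if tag == 1 and body[0] == 3:           # version, 8-byte key ID, algorithm, MPI
            line += ", key ID 0x" + body[1:9].hex().upper()
        out.append(line)
    return out

# Constructed samples: headers are well-formed, bodies are filler, not real ciphertext.
DATA = bytes([0xD2, 5, 1]) + b"\xAA" * 4        # tag 18, version 1, 4 filler octets
SYM = bytes([0x8C, 13, 4, 9, 3, 2]) + bytes(range(8)) + bytes([96]) + DATA
PUB = bytes([0x84, 14, 3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1, 0, 16, 0xBE, 0xEF]) + DATA
```

Both samples end in the same symmetrically encrypted data packet; only the leading packet, which says how the key for that data is recovered, differs.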



More information about the Gnupg-users mailing list