Symmetric encryption

David Shaw dshaw at
Sun Jul 28 18:16:01 CEST 2002

On Sun, Jul 28, 2002 at 11:02:56AM -0400, Gordon Worley wrote:
> When I symmetrically encrypt a file, I have a few questions about what 
> is generated:
> - Where is the key stored?
> - Is the passphrase used to protect a key?  Is the passphrase the key?

It depends on what sort of symmetric encryption settings you use.  By
default, GnuPG does the same sort of thing it does with public key
encryption - random session key, encrypt the data with the session
key, then encrypt the session key.  The difference with --symmetric is
that it then encrypts the session key with your passphrase, rather
than with a public key.  When --rfc1991 is specified, GnuPG just
encrypts the data itself with your passphrase.  There are a few
possible ways to turn a passphrase into a key - see the "String-to-key
(S2K) specifiers" section in RFC 2440.

> - How is the output formatted?  Can a program other than GnuPG decrypt 
> it?

The format is fairly simple, and a program other than GnuPG or PGP can
certainly decrypt it.  The exact details are in RFC 2440.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
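
The "String-to-key (S2K) specifiers" mentioned in the message above, sketched as an added example (not part of the original post and not GnuPG's own code). It follows RFC 2440 section 3.6.1 for the simple, salted, and iterated-and-salted forms; the SHA-1 default, the function names and the sample passphrase and salt are assumptions made for illustration.

```python
import hashlib


def decode_count(c: int) -> int:
    """Expand the one-octet coded count of an iterated+salted S2K specifier."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def s2k(passphrase: bytes, key_len: int, salt: bytes = b"",
        count: int = 0, hash_name: str = "sha1") -> bytes:
    """Derive key_len octets from a passphrase.

    salt=b"", count=0   -> simple S2K
    8-octet salt        -> salted S2K
    salt and count > 0  -> iterated and salted S2K (count = octets to hash)
    """
    data = salt + passphrase
    # The whole salt+passphrase is always hashed at least once,
    # even when the requested count is smaller than its length.
    total = max(count, len(data))
    key = b""
    context = 0
    while len(key) < key_len:
        h = hashlib.new(hash_name)
        # When the key is longer than one digest, each extra hash
        # context is preloaded with one more zero octet than the last.
        h.update(b"\x00" * context)
        if data:
            full, rest = divmod(total, len(data))
            for _ in range(full):
                h.update(data)
            h.update(data[:rest])  # final pass may be truncated
        key += h.digest()
        context += 1
    return key[:key_len]


if __name__ == "__main__":
    # Constructed sample values, not taken from any real message.
    salt = bytes.fromhex("0102030405060708")
    key = s2k(b"correct horse", 16, salt, decode_count(96))
    print("count:", decode_count(96), "key:", key.hex())
```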
