How to split up gpg data into multiple volumes?

Daniel Carrera dcarrera@math.toronto.edu
Thu Aug 8 01:44:08 2002 

I don't see how the files having different sizes can produce any
information.  Specially because gpg compresses the data before encrypting
it (eliminating redundancy in the files).

Therefore, if the orignal files are close in size to begin with, the size
of the final files will depend as much on the sizes of the originals as on
the particulars of the data in each one.

This makes guessing information much more difficult ("is it a small file
with little redundancy or a large file with lots of redundancy?").

I don't think you have much to worry.

However, if you wish to have the files the same size, perhaps you could
add some garbage data at the end of the original files.

To "pack" the data into the file, your program would:

1) Add some non-printing character which you are sure will not appear in
the orignal file (perhaps the "bell" character?).

2) Pack a random sequence of characters until you reach the desired size.

3) Encrypt.

To "upack" the data:

1) Decrypt.

2) Search for the given character.

3) Remove everything from there on.


Or perhaps you could keep a table mathing the filename and the number of
characters you added at the end.  And you would keep this table encrypted
ofcourse.

I hope that some of this helps.


On Wed, 7 Aug 2002, Ben Escoto wrote:

>
> Hi, can anyone here tell me how to split a large amount of gpg data
> into multiple files so that individual volumes can be read separately?
> Here are a couple of options for discussion's sake:
>
> 1.  Stream in and out of a gpg process.  Split the output up at the
>     appropriate intervals and save it.  This is what I'm doing now.
>     It works, but is it possible to read one volume without starting
>     from the beginning?
>
> 2.  Keep streaming data into a gpg process until its output surpasses
>     a certain volume size (say 50MB).  Then close that process, and
>     make the next volume using a new gpg process.  This way each
>     volume can be decrypted individually.
>
>     But is there a security risk here?  The volumes will all be
>     slightly different sizes, and it seems that other people can infer
>     stuff about the data from the volume sizes.
>
> 3.  The ideal way:  I encrypt each file separately, and when I near
>     the volume limit, I tell gpg to "round" the data out, so it
>     produces a file of exactly the required length.  Can this be done?
>
> So is there a "right" way to split gpg data up into volumes?  If it
> matters, I trying to encrypt tar files.  Thanks for any insight.
>
>
>