file encryption and integrity check

Francesco Turco fctk86 at
Tue Feb 21 15:09:58 CET 2006

Roscoe ha scritto:

>Sure will.
>gpg -c is what you want.
>Make sure you are using a MDC, which means either using one of the
>128bit blocksize ciphers (your gpg will probably use AES256 by
>default, which is good - gpg -vc to find out) or passing the
>--force-mdc option.

so no need to hash files (md5/crc32) before encryption?

anyway, after reading some man page and experimenting, i ended up with 
the following settings:

encrypt: gpg --symmetric --cipher-algo aes256 --compress-algo none <file>
decrypt: gpg --decrypt <file>

i avoided 3des,cast5,blowfish becouse they have 64bits blocksize.
i preferred aes over twofish, both 128bits blocksize, becouse the first 
one seems more "standarized" then the second one.
last, i preferred aes256 over aes128/aes192 becouse it is more secure 
and encryption times are quite the same.

i have disabled compression becouse files i have to encrypt are already 
compressed, and compression takes much more time then encryption.

do you think it is a good choice?

More information about the Gnupg-users mailing list