how to create a symmetric cipher

Jeffrey F. Bloss jbloss at tampabay.rr.com
Wed Nov 15 19:49:15 CET 2006


Wei Wu [H] wrote:

> Yes. That's what I need.

If you're just trying to eliminate pass phrases and set up a key file
only scenario, why not simply create a key pair with a null or "zero
length" pass phrase? Keep those keys on your removable device, and use a
script/batch that calls GnuPG with the appropriate keyring switches
or .conf file options so it sees only those keys, only when they're
needed. 

This would in effect eliminate asymmetric encryption, which I believe
GnuPG really only uses to encrypt a symmetric session key. In reality
you'd still be using both key files and asymmetric encryption I'd
think, but it would appear as though you were merely using a simple key
file encryption because you wouldn't have to enter a pass phrase, and
the only actual security would come from the session key encryption.

> Thanks,
> WW
> 
> -----Original Message-----
> From: Sven Radde [mailto:sven at radde.name] 
> Sent: Wednesday, November 15, 2006 12:46 AM
> To: Wei Wu [H]
> Cc: gnupg-users at gnupg.org
> Subject: Re: how to create a symmetric cipher
> 
> Hello!
> 
> Wei Wu [H] wrote:
> > The data to be protected resides on a fixed hard disk in a Windows
> > computer. I have a tool on Windows platform that does encryption using
> > either a passphrase or a key file. Use of a key file is recommended as
> > it is more secure (assuming passphrases can be cracked relatively
> > easily). The key file is expected to be stored separately in a
> > removable disk. So I need a tool to create a key.
> >
> > I checked a few key tools such as java keytool and gpg, but their
> > genkey option does not support the generation of a symmetric
> > key/cipher.
> 
> No offense intended, but you are confusing the involved concepts quite
> heavily.
> 
> What you need for your tool is merely a file filled with random data.
> This "key" is totally different from what gnupg, java keytool, openssl
> etc. use as keys for their sophisticated protocols.
> 
> However, gnupg offers to generate some random bytes using the
> --gen-random command, which is probably what you need:
> 
> --gen-random 0|1|2 [count]
> 
>     Emit COUNT random bytes of the given quality level. If count is
> not given or zero, an endless sequence of random bytes will be
> emitted. PLEASE, don't use this command unless you know what you are
> doing, it may remove precious entropy from the system!
> 
> 
> So you would need to issue something like "gpg --gen-random 2 32 >
> file.key" to generate a 32-byte (= 256-bit) file full of random data
> to be used as a key by your other tool.
> Note that I have no idea whether "0" or "2" is the highest
> "quality" level for the random data. Probably others can clarify, but
> I assume that 2 is highest quality.
> 
> HTH,
>   Sven Radde
> 
> 
> 
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users


-- 
Hand crafted on 15 November, 2006 at 13:02:13 EST using
only the finest domestic and imported ASCII.

A long-forgotten loved one will appear soon.

Buy the negatives at any price.
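As an added example (not code from this thread or from GnuPG), here is a Python equivalent of Sven's "gpg --gen-random 2 32 > file.key" step using the OS CSPRNG, together with the checks a practitioner would want before trusting a raw key file: a refusal to overwrite an existing key, owner-only permissions, and a sanity check for length and degenerate content. The function names and the zero-filled sample file are constructed for the example.

```python
import os
import secrets
import stat
import tempfile

KEY_BYTES = 32  # 32 bytes = 256 bits, what "gpg --gen-random 2 32 > file.key" yields

def write_key_file(path, nbytes=KEY_BYTES):
    """Create a key file of nbytes from the OS CSPRNG; returns bytes written."""
    # O_EXCL refuses to overwrite an existing key (a shell redirect clobbers it
    # silently); mode 0600 keeps other users from reading the key.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        written = os.write(fd, secrets.token_bytes(nbytes))
        os.fsync(fd)
    finally:
        os.close(fd)
    return written

def check_key_file(path, expected=KEY_BYTES):
    """Return the problems found with a key file; an empty list means it passed."""
    problems = []
    st = os.stat(path)
    if st.st_size != expected:  # truncated or empty redirect
        problems.append("size %d, expected %d" % (st.st_size, expected))
    with open(path, "rb") as fh:
        distinct = len(set(fh.read()))
    # 32 random bytes hold about 30 distinct values; far fewer means a broken
    # generator or a bad copy. Threshold scales with size, capped at 256.
    if distinct < min(expected, 256) // 2:
        problems.append("only %d distinct byte values" % distinct)
    if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append("mode %s is readable by others" % stat.filemode(st.st_mode))
    return problems

def selftest():
    """Exercise both functions in a scratch directory and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        good, bad = os.path.join(d, "file.key"), os.path.join(d, "zero.key")
        written = write_key_file(good)
        with open(bad, "wb") as fh:  # constructed degenerate key file
            fh.write(b"\x00" * KEY_BYTES)
        os.chmod(bad, 0o600)
        try:
            write_key_file(good)  # must refuse to clobber the existing key
            clobbered = True
        except FileExistsError:
            clobbered = False
        return {"written": written, "good": check_key_file(good),
                "bad": check_key_file(bad), "clobbered": clobbered}
```

On a FAT-formatted removable disk the filesystem cannot store Unix modes, so the permission check there reports the mount's mask rather than anything set on the file itself.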
