future proof file encryption

Moritz Schulte mo at g10code.com
Fri Feb 27 12:35:16 CET 2009

> Is it true to say then,
> that if you wanted someone to be able to decrypt a
> (symmetrically encrypted) file, they'd need to know the algorithm used,
> the key and they'd also have to use the same program to decrypt as used
> to encrypt the file?

Not quite. In general: you shouldn't base the security on the secrecy of
the methods used (algorithm, implementation, ...).  Besides, when using
a program which implements a documented standard, it doesn't matter what
actual implementation of the standard you (or the attacker) use(s). The
security should depend on the secrecy of your key.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20090227/1388602d/attachment.pgp>

More information about the Gnupg-users mailing list