Is it possible to decide what is a gpg file?

Robert J. Hansen rjh at sixdemonbag.org
Wed Nov 18 02:53:57 CET 2009


Melikamp T. Medley wrote:
> OK so I looked it up and I think what I want is called "deniable
> encryption".

What you've described here isn't deniable encryption, not as I know it
to be.  This shouldn't be too surprising, given there are tons of things
I don't know about.  :)

> (3) Can add salt (like a passphrase)

Salting is something that's done to hash functions.  Are you sure you
mean that you want to add salt to a cipher?

> (2) Deniable encryption: Given a file A with random data and a
> ciphertext B (cleartext is unknown), it should be impossible to guess
> which is which more than half the time.

This will be supported by effectively any modern cipher, especially for
small files.  If you can distinguish ciphertext from random noise,
that's usually considered to be a strong sign the cipher is weak.

(Note that I'm talking about modern symmetric ciphers.  Asymmetric
ciphers may very well be distinguishable.  I *think* they are, but I
can't summon up a reference now for the life of me -- take this as
unsubstantiated speculation.)

> (3) Deniability is robust: Given a file A with random data and a
> ciphertext B (cleartext is *known*), it should be infeasible to prove
> with certainty much above 0.5 that B is the ciphertext. This implies
> that obtaining the passphrase is impractical and actually feels like
> a much stronger property.

See above remarks: this is a fairly basic test for symmetric ciphers.

Note that I'm talking only about pure cipher algorithms.  Once you add
headers, magic numbers and so on -- all of which OpenPGP does, as will
many other crypto applications -- then both #s 2 and 3 fail.



