Is it possible to decide what is a gpg file?
vedaal at hush.com
vedaal at hush.com
Thu Nov 19 16:26:57 CET 2009
There is no way (yet, ;-) ), to do what you want in gnupg, as a
gnupg encrypted file will show that it was encrypted either
symmetrically or to a key.
But, if you don't mind XOR-ing with a large pad, and you have a
secure place to keep the pad, (not on the computer with the
encrypted files),
you can do something like the following:
[1] Encrypt whatever file you want using gnupg, and the options of
--throw-keyids --armor
This will produce a ciphertext output of the encrypted file, with
no information about the key it was encrypted to, except for the
type (dh, rsa) and the size.
[2] Find, or write, a document equal to or greater, than the size
of the file in [1], and save it on your computer, and do not save
the file in [1].
[3] Construct a pad that XOR's from the file in [2] to the file in
[1].
[4] Save the pad securely somewhere else.
[5] If the pad is discovered, people will expect to use it to apply
to a ciphertext and recover a plaintext, not the other way around,
and you have no ciphertexts on your computer, and even if it were
used correctly to recover the ciphertext, the plaintext still
cannot be recovered without the key and passphrase.
BUT,
Only you know what your threat model is.
This will probably not be a good idea to use if your threat model
includes dangerous determined adversaries who know the field.
vedaal
More information about the Gnupg-users
mailing list