Is it possible to decide what is a gpg file?

Brian Mearns mearns.b at gmail.com
Thu Nov 19 17:03:06 CET 2009


Sorry, sent to author instead of list again. Message below.

On Thu, Nov 19, 2009 at 11:02 AM, Brian Mearns <mearns.b at gmail.com> wrote:
> On Thu, Nov 19, 2009 at 10:26 AM,  <vedaal at hush.com> wrote:
>> There is no way (yet, ;-) ), to do what you want in gnupg, as a
>> gnupg encrypted file will show that it was encrypted either
>> symmetrically or to a key.
>>
>> But, if you don't mind XOR-ing with a large pad, and you have a
>> secure place to keep the pad, (not on the computer with the
>> encrypted files),
>> you can do something like the following:
>>
>> [1] Encrypt whatever file you want using gnupg, and the options of
>> --throw-keyids  --armor
>>
>> This will produce a ciphertext output of the encrypted file, with
>> no information about the key it was encrypted to, except for the
>> type (dh, rsa) and the size.
>>
>> [2] Find, or write, a document equal to or greater than the size
>> of the file in [1], and save it on your computer, and do not save
>> the file in [1].
>>
>> [3] Construct a pad that XOR's from the file in [2] to the file in
>> [1].
>>
>> [4] Save the pad securely somewhere else.
>>
>> [5] If the pad is discovered, people will expect to use it to apply
>> to a ciphertext and recover a plaintext, not the other way around,
>> and you have no ciphertexts on your computer, and even if it were
>> used correctly to recover the ciphertext, the plaintext still
>> cannot be recovered without the key and passphrase.
>>
>> BUT,
>>
>> Only you know what your threat model is.
>>
>> This will probably not be a good idea to use if your threat model
>> includes dangerous determined adversaries who know the field.
>>
>>
>> vedaal
> [snip]
>
> I think you're very much over-complicating things. If you're going to
> go through all the trouble of creating a pad of equal length to your
> message, then just make it an OTP, XOR it with your message, and
> you're done. No need for gpg at all in that case, and no need for a
> cover document.
>
> If he wants to hide the fact that he has an encrypted document, that's
> a completely different matter and calls for steganography.
>
> -Brian
>
>
>
>
> --
> Feel free to contact me using PGP Encryption:
> Key Id: 0x3AA70848
> Available from: http://keys.gnupg.net
>



-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net
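
Added example, not part of either message in this thread: vedaal's steps [2] to [4] in Python next to the one-time pad Brian proposes, plus a check showing that the derived pad does not look random (both inputs are ASCII, so every pad byte has its top bit clear). ARMORED and COVER are constructed samples, not real gpg output, and all function names are hypothetical.

```python
import os

# Constructed stand-in for the armored output of step [1]; not real gpg output.
ARMORED = (
    b"-----BEGIN PGP MESSAGE-----\n\n"
    b"hQEMA0NvbnN0cnVjdGVkU2FtcGxlT25seQEH/0V4YW1wbGVCb2R5Tm90UmVhbA==\n"
    b"=AbCd\n"
    b"-----END PGP MESSAGE-----\n"
)
# Constructed cover document for step [2]; at least as long as ARMORED.
COVER = (b"Minutes of the gardening club, November meeting. "
         b"Present: everyone. Agenda: compost, tulip bulbs, and the "
         b"spring plant sale. Next meeting in December, bring biscuits.\n")


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def build_pad(cover: bytes, ciphertext: bytes) -> bytes:
    """Step [3]: pad such that cover XOR pad == ciphertext."""
    if len(cover) < len(ciphertext):
        raise ValueError("cover document is shorter than the ciphertext")
    return xor(cover, ciphertext)


def recover_ciphertext(cover: bytes, pad: bytes) -> bytes:
    """Undo step [3]: rebuild the armored file to hand back to gpg."""
    return xor(cover, pad)


def high_bit_fraction(data: bytes) -> float:
    """Fraction of bytes with the top bit set (about 0.5 for random data)."""
    return sum(b >> 7 for b in data) / len(data)


def otp_encrypt(message: bytes):
    """Brian's alternative: random pad of message length, no gpg, no cover."""
    pad = os.urandom(len(message))
    return pad, xor(message, pad)


if __name__ == "__main__":
    pad = build_pad(COVER, ARMORED)
    assert recover_ciphertext(COVER, pad) == ARMORED
    print("derived pad high-bit fraction:", high_bit_fraction(pad))
    print("random pad high-bit fraction: ", high_bit_fraction(os.urandom(4096)))
```

A pad derived from two text files is itself recognisable as such, which is one concrete reason the scheme does not hold up against the adversaries vedaal's closing caveat mentions.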


