GPG Problem - invalid radix64 character
jerome at jeromebaum.com
Tue May 17 14:48:57 CEST 2011
On Tue, May 17, 2011 at 14:22, Turbo Fredriksson <turbo at bayour.com> wrote:
> On 16 maj 2011, at 21.11, Jerome Baum wrote:
>> On Mon, May 16, 2011 at 19:08, Turbo Fredriksson <turbo at bayour.com> wrote:
>>> I've looked at some encrypted FS's, but none of them were secure enough.
>> In what sense? Can you elaborate? See also my comment below.
> Didn't allow big enough keys of good algorithms for one...
IIRC, OpenSSL places no limit on key-size. However, try "openssl genrsa
16384" and see how long that takes...
>> I would suggest you just symmetrically encrypt the data. If you really need
>> public-key encryption, use gpg to encrypt the key-file. The theoretical
>> security is about the same, and practically the significant factors will be
>> where you store your key, what temp files you leave around, etc.
> It was many years since I looked at encryption, so I've forgotten most of what
> I once learned (never actually needed it :). But isn't symmetric encryption
> 'easy' to crack? Given enough CPU?
Not at all. In fact, most public-key crypto systems will symmetrically
encrypt your data with a random session key and only asymmetrically encrypt
the session key. This is a Good Thing in performance and security terms --
performance because AES tends to be faster than RSA (for instance), and
security because this method has been extensively studied.
> I find it hard to believe that anything would be better than a 3072 bit DSA
> with a 4096 bit ELG key which expires in a month... ?
Those are very absolute numbers and the statement is very strong. In
practice it's much more about key management than about key-size. Personally
I opted for a 4096-bit RSA key, which is a somewhat arbitrary choice based
on my gut and the intended duration of the key. Others go for 2048 bits,
some go for a DSA master key, etc. -- it's just a matter of preference and
in most cases you should be focusing your efforts elsewhere.
As Werner has correctly pointed out, you _can_ use gpg for this task. I
would personally still opt for OpenSSL, though. It feels like the right tool
for this, and gpg seems designed more for block data than streams, more for
communication than personal encryption, etc. -- there's lots of WoT stuff
built-in that you get with the package and may never use, which OpenSSL
doesn't have, etc.
email jerome at jeromebaum.com
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
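
The hybrid scheme described in the message above (data encrypted symmetrically under a random session key, with only that key encrypted asymmetrically), written out with the openssl command line. This is an added example and not part of the original post; the file names, the throwaway 2048-bit RSA key and the choice of AES-256-CBC with PBKDF2 and RSA-OAEP are assumptions.

```sh
#!/bin/sh
# Added example: hybrid encryption with the openssl CLI. File names are hypothetical.
set -eu

# hybrid_encrypt PUBKEY SRC DST WRAPPED_KEY
hybrid_encrypt() {
    pub=$1; src=$2; dst=$3; wrapped=$4
    key=$(mktemp)   # created with mode 0600
    # Fresh random 256-bit session secret, hex-encoded so it is one text line.
    openssl rand -hex 32 > "$key"
    # Bulk data goes through the symmetric cipher. The secret is passed as a
    # file, not on the command line, so it never shows up in the process list.
    # Note: CBC from "openssl enc" gives confidentiality only, no integrity check.
    openssl enc -aes-256-cbc -pbkdf2 -in "$src" -out "$dst" -pass "file:$key"
    # Only the short session secret is encrypted asymmetrically (RSA-OAEP).
    openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -in "$key" -out "$wrapped"
    rm -f "$key"
}

# hybrid_decrypt PRIVKEY SRC WRAPPED_KEY DST
hybrid_decrypt() {
    priv=$1; src=$2; wrapped=$3; dst=$4
    key=$(mktemp)
    openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$wrapped" -out "$key"
    openssl enc -d -aes-256-cbc -pbkdf2 -in "$src" -out "$dst" -pass "file:$key"
    rm -f "$key"
}

# Round trip with a throwaway key pair and constructed sample data.
roundtrip_demo() {
    work=$(mktemp -d)
    openssl genrsa -out "$work/priv.pem" 2048 2>/dev/null
    openssl rsa -in "$work/priv.pem" -pubout -out "$work/pub.pem" 2>/dev/null
    printf 'constructed sample data\n' > "$work/plain.txt"
    hybrid_encrypt "$work/pub.pem" "$work/plain.txt" "$work/data.enc" "$work/key.enc"
    hybrid_decrypt "$work/priv.pem" "$work/data.enc" "$work/key.enc" "$work/out.txt"
    rc=1
    if cmp -s "$work/plain.txt" "$work/out.txt" &&
       ! cmp -s "$work/plain.txt" "$work/data.enc"; then rc=0; fi
    rm -rf "$work"
    return "$rc"
}

roundtrip_demo && echo "round trip OK"
```

The wrapped key file is always the size of the RSA modulus (256 bytes here) no matter how large the data file is, which is why the RSA key size has little effect on bulk throughput.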