Unable to encrypt file with private/public key
Pete Stephenson
pete at heypete.com
Fri Dec 19 16:29:23 CET 2014
On 12/19/2014 6:05 AM, Haritwal, Dhiraj wrote:
> One more thing, this time when I encrypt the file with my private key
> (without sign & only with armor switch), it's still asking for a passphrase
> to decrypt it, even on my same server. That means it's still using a
> passphrase to encrypt the file. Is that set somewhere by default in
> the GnuPG config?

I assume that you mean that you encrypted the file using your own public
key.

If so, it's normal for GnuPG to prompt you for your passphrase when you
decrypt the file: the private key is needed to decrypt the file, and the
passphrase is used to unlock the private key so it can be used.

When you're using symmetric encryption mode, the passphrase is used to
encrypt and decrypt the file.

When used with public/private keys, the passphrase is not used at all to
encrypt the file. The file is encrypted using the recipient's *public*
key[1] and sent to the recipient. The recipient uses their passphrase to
unlock their *private* key, which is used to decrypt the file.

Public-key crypto is somewhat of a black art, and there are many aspects
that can be quite confusing. You might find the "Art of the Problem"
video series on cryptography[3] to be interesting.

Mozilla also has an introduction to cryptography[4] which might also
help clarify things. While it focuses on the use of cryptography in a
general web browser-server system, many of the concepts apply to GnuPG.

Cheers!
-Pete

[1] This is a somewhat simplified explanation. In actuality, the file is
encrypted using a randomly-generated session key and a symmetric cipher
like AES, and the session key is encrypted using the recipient's public
key. This "hybrid cryptosystem"[2] has several advantages over
encrypting the whole file using the recipient's public key.

[2] https://en.wikipedia.org/wiki/Hybrid_cryptosystem
[3] https://www.youtube.com/playlist?list=PLB4D701646DAF0817
[4] https://developer.mozilla.org/en-US/docs/Introduction_to_Public-Key_Cryptography
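
The hybrid scheme described in the message and its footnote [1], as an added example that is not part of the original post and is not GnuPG's code: encryption needs only the public key, and the passphrase is used solely to unlock the stored private key before decryption. It is a toy sketch with assumed parameters (unpadded RSA over two Mersenne primes, a SHA-256 keystream in place of AES), and every function name is hypothetical.

```python
import hashlib, hmac, secrets

# Toy parameters (assumption): two Mersenne primes give a ~234-bit modulus.
# Unpadded RSA at this size is NOT secure; it only shows the structure.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _stream(key: bytes, n: int) -> bytes:
    """SHA-256 counter keystream, a stand-in for a real cipher such as AES."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def _kdf(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000, dklen=64)

def make_keypair(passphrase: str):
    """Return (public, locked_private); only the private half is locked."""
    d = pow(E, -1, (P - 1) * (Q - 1)).to_bytes(32, "big")
    salt = secrets.token_bytes(16)
    k = _kdf(passphrase, salt)
    blob = _xor(d, k[:32])  # private exponent masked by the passphrase-derived key
    return (N, E), (salt, blob, hmac.new(k[32:], blob, "sha256").digest())

def unlock(locked, passphrase: str) -> int:
    """The passphrase's only job: recover the private exponent from storage."""
    salt, blob, tag = locked
    k = _kdf(passphrase, salt)
    if not hmac.compare_digest(tag, hmac.new(k[32:], blob, "sha256").digest()):
        raise ValueError("bad passphrase")
    return int.from_bytes(_xor(blob, k[:32]), "big")

def encrypt(public, plaintext: bytes):
    """No passphrase here: random session key, wrapped with the public key."""
    n, e = public
    session = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session, "big"), e, n)
    return wrapped, _xor(plaintext, _stream(session, len(plaintext)))

def decrypt(locked, passphrase: str, message) -> bytes:
    wrapped, body = message
    session = pow(wrapped, unlock(locked, passphrase), N).to_bytes(16, "big")
    return _xor(body, _stream(session, len(body)))
```

Calling `encrypt` twice on the same plaintext yields different wrapped session keys, and `decrypt` raises `ValueError` when the passphrase does not unlock the private key.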