failed decryption

Pete Stephenson pete at heypete.com
Sun Apr 19 12:08:43 CEST 2015


On Sun, Apr 19, 2015 at 11:21 AM, Mick Crane <mick.crane at gmail.com> wrote:
>
>
>> On 19 Apr 2015, at 06:42, Adam Gold <awg1 at gmx.com> wrote:
>>
>> I'm attempting to decrypt a symmetrically encrypted tarball appx 25GB in
>> size.  It goes as follows:
>>
>> gpg [file].tar.bz2.gpg
>> gpg: AES256 encrypted data
>> gpg: encrypted with 1 passphrase
>> gpg: packet(7) with unknown version 41
>> gpg: WARNING: encrypted message has been manipulated!
>> gpg: packet(5) with unknown version 241
>>
>>
> The problem with encrypting files for storage seems to be that if there is any corruption there is no way to get any of it back.

In such cases it might be worthwhile to use some sort of
error-detection/correction system. Detecting errors is relatively
straightforward (you can sign a message and if the signature fails,
it's been modified) but correction is slightly more complex.

I generate PAR2 error-correction files[1] for important files or
archives. It allows one to detect errors and repair/recover any
damaged or lost sections up to a user-defined threshold. It uses more
disk space, but it can be a life-saver when dealing with critical
files on unreliable storage (and all storage is unreliable).

Alas, it's not retroactive and can't repair already-damaged data: you
need to generate the PAR2 files when the original file is still
undamaged and can then use it to recover damaged data later. In the
case of sensitive data, one should encrypt the data first and then
generate the PAR2 files -- that way no information about the encrypted
content can leak.

Cheers!
-Pete

[1] https://en.wikipedia.org/wiki/Parchive

-- 
Pete Stephenson
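
Added example, not part of the original message and not PAR2 itself: a simplified stand-in for the scheme described above, using per-block SHA-256 hashes to detect damage and a single XOR parity block to repair it. Real PAR2 uses Reed-Solomon coding and can repair many blocks; this sketch repairs one, and the block size, function names and sample bytes are assumptions made for illustration.

```python
import hashlib
import os

BLOCK = 4096  # recovery block size in bytes (assumed value)

def split_blocks(data):
    """Split data into fixed-size blocks, zero-padding the last one."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)] or [b""]
    blocks[-1] = blocks[-1].ljust(BLOCK, b"\0")
    return blocks

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_recovery(ciphertext):
    """Build recovery data from the already-encrypted, still-undamaged bytes."""
    blocks = split_blocks(ciphertext)
    parity = bytes(BLOCK)
    for b in blocks:
        parity = xor(parity, b)
    return {"length": len(ciphertext), "parity": parity,
            "hashes": [hashlib.sha256(b).digest() for b in blocks]}

def find_damaged(data, rec):
    """Detection only: indexes of blocks whose hash no longer matches."""
    if len(data) != rec["length"]:
        raise ValueError("length changed; this sketch handles in-place damage only")
    return [i for i, b in enumerate(split_blocks(data))
            if hashlib.sha256(b).digest() != rec["hashes"][i]]

def repair(data, rec):
    """Correction: rebuild one damaged block from parity and the intact blocks."""
    bad = find_damaged(data, rec)
    if not bad:
        return data
    if len(bad) > 1:  # the "user-defined threshold" here is a single block
        raise ValueError("damage exceeds recovery capacity")
    blocks = split_blocks(data)
    rebuilt = rec["parity"]
    for i, b in enumerate(blocks):
        if i != bad[0]:
            rebuilt = xor(rebuilt, b)
    blocks[bad[0]] = rebuilt
    return b"".join(blocks)[:rec["length"]]

if __name__ == "__main__":
    ct = os.urandom(10000)            # constructed stand-in for a .gpg file
    rec = make_recovery(ct)           # must happen before any damage
    hit = bytearray(ct)
    hit[5000] ^= 0xFF                 # simulate one flipped byte on disk
    print(find_damaged(bytes(hit), rec), repair(bytes(hit), rec) == ct)
```

The recovery data is computed only from ciphertext bytes, so it carries no information about the plaintext, and it is useless if first generated after the damage has occurred.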


