AES-NI, symmetric key generation
maricelgregoraschko at yahoo.com
Wed Mar 11 18:59:10 CET 2015
Thanks Vedaal, yep that would be one mighty strong password!
From: "vedaal at nym.hush.com" <vedaal at nym.hush.com>
To: Maricel Gregoraschko <maricelgregoraschko at yahoo.com>; gnupg-users at gnupg.org
Sent: Tuesday, March 10, 2015 4:42 PM
Subject: Re: AES-NI, symmetric key generation
On 3/10/2015 at 4:19 PM, "Maricel Gregoraschko" <maricelgregoraschko at yahoo.com> wrote:
>I agree, using key instead of passphrase doesn't enhance security
>(assuming an attacker knows that the key was derived from a
>passphrase and with what key derivation algorithm? I assume the
>randomness/entropy of the key itself is high enough regardless of
>the passphrase strength?). The reason I was asking if it's a
>possibility to store the symmetric key to decrypt with later, was
>to protect against future changes in the key derivation algorithm,
>that would make gpg generate a different key for the same
>passphrase, useless to decrypt previously encrypted data. Thank you
>for your support.
If you don't want to keep your passphrase, and want only to keep the session key,
and you want this to have no weakness because of a questionably strong enough password that was used to generate the key,
then there is an easy way to do what you want:
 1. Encrypt a test message to any of your own keys.
 2. Decrypt this test message, with the option of --show-session-key
 3. Use this session key as the 64 character password for your symmetric encryption, (and save it, or you won't be able to decrypt the symmetric message).
 4. Decrypt your symmetrically encrypted file or message, using the option of --show-session-key
 5. Save this session key, and if you wish, you can destroy the first one. (you can always get it back by decrypting your message of step  ).
The string-to-key part of generating the session key for the symmetrically encrypted message, will be using a random 64 character GnuPG generated session key as its password.
You can't find a better password (especially even one that you don't have to remember ;-) )
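
The steps in the quoted reply, written out as shell functions. This is an added example, not part of either poster's message; it assumes GnuPG 2.1 or later (for --pinentry-mode loopback), and the function names, the test.gpg file name and the use of --override-session-key for later decryption are choices made here.

```shell
#!/bin/sh
# Added sketch of the steps above. Assumes GnuPG 2.1+; function and file
# names are placeholders, not from the original message.

# Extract "ALGO:HEX" from gpg's "session key:" diagnostic line (stderr).
extract_session_key() {
    sed -n "s/^gpg: session key: .\([0-9]*:[0-9A-Fa-f]*\).*/\1/p"
}

# Drop the "ALGO:" prefix; for AES-256 this leaves the 64 hex characters.
key_as_passphrase() {
    printf '%s\n' "${1#*:}"
}

# Encrypt a test message to your own key ($1), decrypt it with
# --show-session-key and print the random session key GnuPG generated.
fresh_session_key() {
    printf 'test\n' | gpg --batch --yes -e -r "$1" -o test.gpg || return 1
    gpg --show-session-key -d test.gpg 2>&1 >/dev/null | extract_session_key
}

# Symmetric encryption of file $2 with passphrase $1 (passed on fd 0 so it
# does not appear on gpg's command line).
encrypt_symmetric() {
    printf '%s' "$1" | gpg --batch --yes --pinentry-mode loopback \
        --passphrase-fd 0 -c -o "$2.gpg" "$2"
}

# Decrypt $2 with passphrase $1 and print the symmetric session key.
symmetric_session_key() {
    printf '%s' "$1" | gpg --batch --pinentry-mode loopback \
        --passphrase-fd 0 --show-session-key -d "$2" 2>&1 >/dev/null |
        extract_session_key
}

# Later decryption with only the saved key ($1 = "ALGO:HEX", $2 = file).
# --override-session-key is not mentioned in the message above.
decrypt_with_session_key() {
    gpg --batch --override-session-key "$1" -d "$2"
}
```

The value printed by symmetric_session_key is the one to store; decrypt_with_session_key takes it in the same "ALGO:HEX" form.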