Perform only asymmetric encryption/decryption
Neal H. Walfield
neal at walfield.org
Mon Apr 11 09:40:13 CEST 2016
On Sun, 10 Apr 2016 12:56:09 +0200,
Erik Nellessen wrote:
> No, this is not about encrypting large amounts of data with asymmetric encryption. ;) It is about encrypting and decrypting small strings, which are still way smaller than the public/private key. So I guess this could be possible using the interfaces for encrypting/decrypting a data encryption key. What is the best way in OpenPGP to encrypt/decrypt small strings using asymmetric encryption/decryption directly?
You can extract the session key using --show-session-key and set the
session key using --override-session-key
$ echo | gpg2 --no-options -c | gpg2 --show-session-key -d
gpg: session key: '7:7BF4443B3652BD25CEC2BA641135AC58'
The format of the session key is algorithm id and the hex-encoded
The created message has the following form:
echo | gpg2 --no-options -c | gpg2 --list-packets
# off=0 ctb=8c tag=3 hlen=2 plen=13
:symkey enc packet: version 4, cipher 7, s2k 3, hash 2
salt 6E31D6F821C697BD, count 24117248 (231)
# off=15 ctb=d2 tag=18 hlen=2 plen=54 new-ctb
:encrypted data packet:
# off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
:compressed packet: algo=1
# off=38 ctb=cb tag=11 hlen=2 plen=7 new-ctb
:literal data packet:
mode b (62), created 1460360139, name="",
raw data: 1 bytes
That is, it has an SK-ESK packet and a symmetrically encrypted packet.
You just want the SK-ESK, which should be relatively straightforward
to extract. Unfortunately, IIRC, if GnuPG doesn't have an encrypted
body, it won't show the session key when --show-session-key is used.
But, this can be changed relatively easily.
A more fundamental problem is that GnuPG will warn (or perhaps error
out?) if the provided session key is weak.
More information about the Gnupg-users