Perform only asymmetric encryption/decryption

Neal H. Walfield neal at walfield.org
Mon Apr 11 09:40:13 CEST 2016


On Sun, 10 Apr 2016 12:56:09 +0200,
Erik Nellessen wrote:
> No, this is not about encrypting large amounts of data with asymmetric encryption. ;) It is about encrypting and decrypting small strings, which are still way smaller than the public/private key. So I guess this could be possible using the interfaces for encrypting/decrypting a data encryption key. What is the best way in OpenPGP to encrypt/decrypt small strings using asymmetric encryption/decryption directly?

You can extract the session key using --show-session-key and set the
session key using --override-session-key.

  $ echo | gpg2 --no-options -c | gpg2 --show-session-key -d
  gpg: session key: '7:7BF4443B3652BD25CEC2BA641135AC58'

The format of the session key is algorithm id and the hex-encoded
data.

The created message has the following form:

  $ echo | gpg2 --no-options -c | gpg2 --list-packets
  # off=0 ctb=8c tag=3 hlen=2 plen=13
  :symkey enc packet: version 4, cipher 7, s2k 3, hash 2
  	salt 6E31D6F821C697BD, count 24117248 (231)
  # off=15 ctb=d2 tag=18 hlen=2 plen=54 new-ctb
  :encrypted data packet:
  	length: 54
  	mdc_method: 2
  # off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
  :compressed packet: algo=1
  # off=38 ctb=cb tag=11 hlen=2 plen=7 new-ctb
  :literal data packet:
  	mode b (62), created 1460360139, name="",
  	raw data: 1 bytes

That is, it has an SK-ESK packet and a symmetrically encrypted packet.
You just want the SK-ESK, which should be relatively straightforward
to extract.  Unfortunately, IIRC, if GnuPG doesn't have an encrypted
body, it won't show the session key when --show-session-key is used.
But, this can be changed relatively easily.

A more fundamental problem is that GnuPG will warn (or perhaps error
out?) if the provided session key is weak.

Good luck!

:) Neal
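
The SK-ESK extraction mentioned above, as an added example that is not part of the original message and is not GnuPG code: a Python walker over OpenPGP packet headers (RFC 4880) that returns the tag 3 packet and decodes the fields shown in the --list-packets output. The function names and sample bytes are constructed for illustration; the encrypted data packet body is zero filler, not real ciphertext.

```python
def read_packets(data):
    """Yield (tag, raw_packet, body) for each definite-length packet."""
    pos = 0
    while pos < len(data):
        start, ctb = pos, data[pos]
        if not ctb & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        pos += 1
        if ctb & 0x40:                      # new-format header ("new-ctb")
            tag, first = ctb & 0x3F, data[pos]
            if first < 192:                 # one-octet length
                length, pos = first, pos + 1
            elif first < 224:               # two-octet length
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:              # five-octet length
                length = int.from_bytes(data[pos + 1:pos + 5], "big")
                pos += 5
            else:
                raise ValueError("partial body lengths not handled here")
        else:                               # old-format header
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            nbytes = 1 << ltype             # 1, 2 or 4 length octets
            length = int.from_bytes(data[pos:pos + nbytes], "big")
            pos += nbytes
        if pos + length > len(data):
            raise ValueError("truncated packet at offset %d" % start)
        yield tag, data[start:pos + length], data[pos:pos + length]
        pos += length

def parse_skesk(body):
    """Decode a version 4 SK-ESK body using iterated+salted S2K (type 3)."""
    version, cipher, s2k_type, s2k_hash = body[0], body[1], body[2], body[3]
    if version != 4 or s2k_type != 3:
        raise ValueError("only v4 SK-ESK with S2K type 3 handled here")
    salt, coded = body[4:12], body[12]
    count = (16 + (coded & 15)) << ((coded >> 4) + 6)   # RFC 4880, 3.7.1.3
    # With plen=13 no encrypted session key follows the S2K specifier.
    return {"cipher": cipher, "hash": s2k_hash, "salt": salt.hex().upper(),
            "count": count, "has_encrypted_session_key": len(body) > 13}

# Constructed sample: SK-ESK fields copied from the listing above, followed
# by a tag 18 packet header (ctb=d2, plen=54) with a zero-filled body.
SKESK = bytes.fromhex("8c0d040703026e31d6f821c697bde7")
MESSAGE = SKESK + bytes([0xD2, 54]) + bytes(54)

def extract_skesk(message):                 # raw bytes of the first tag 3 packet
    return next(raw for tag, raw, _ in read_packets(message) if tag == 3)
```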


