Perform only asymmetric encryption/decryption
Neal H. Walfield
neal at walfield.org
Mon Apr 11 11:33:52 CEST 2016
On Mon, 11 Apr 2016 10:49:32 +0200,
Erik Nellessen wrote:
>
> If I understand it correctly, --override-session-key does not allow me to set the session key before encryption. It allows me to set the session key when decrypting, so I can do it without using the private key. The option is used to reveal the content of messages without revealing the private key.
>
> See: http://security.stackexchange.com/questions/115231/how-to-decrypt-a-message-using-only-session-key
>
> But following this approach, I would need to be able to change the session key before encryption. So I think this does not solve the problem yet. Am I right? Any other ideas?
You're right. If you are willing to modify GnuPG, this is easy to
change, however. (Look at seskey.c:make_session_key and have it use
the contents of opt.override_session_key rather than generate a random
key.)
:) Neal
More information about the Gnupg-users
mailing list