Signing and symmetrically encrypting files
arbiel.perlacremaz at gmx.fr
Sat Sep 17 22:40:43 CEST 2016
I eventually changed my mind as I haven't found out how to extract the
source document from a signed one.
So I decided to proceed with detached signatures applied, as you
suggest, on the source documents and not on the encrypted ones.

Regarding asymmetric versus symmetric cryptography, I stick with the
latter, which allows me to encrypt a document only once with a single
key, a "document-key", and either transfer the asymmetrically encrypted
document-key to recipients whose public keys I know, or its
symmetrically encrypted value with a permanent password specific to each
of the other recipients I share their passwords with. I don't know yet
how to share and manage these passwords.

I finally download on the public server an archive containing the
document-key symmetrically-encrypted document, the clear document
signature and the bunch of asymmetrically or symmetrically encrypted
document-keys, and send messages, "release notifications", to inform the
recipients that a new document has been released on the server.

I'm still wondering how each of them will know the specific file they
have to decrypt to get the document-key. That is, I haven't yet
figured out whether or not to keep the list of recipients secret. I can
obviously consider providing the information in the
release-notification e-mail, but I don't know if e-mail clients can
handle symmetrically encrypted messages.

Thanks again for your help.

On 15/09/2016 at 09:11, Bernhard Reiter wrote:
> Hi Arbiel,
> On Wednesday 14 September 2016 17:28:59, Arbiel (gmx) wrote:
>> Asymmetric encryption requires the recipients to use my public key to
>> get access to the documents, whereas symmetric encryption only requires
>> them to key in the encryption key.
> For decryption, only the private key of the recipient is needed.
> Typing in that passphrase is as difficult (or easy) as typing in the symmetric
> key. Of course asymmetric crypto would need them to create a key-pair first.
> But symmetric encryption has the problem of you needing to transfer the keys
> each time.
>> Obviously the recipients who are not
>> confident enough with using asymmetric encryption won't be able to
>> verify the authenticity of the documents, but this is a lesser drawback.
>> However, if I can't sign and encrypt in a single step, I'll sign and
>> then symmetrically encrypt the signed document, or the other way around.
> Usually you sign first and then encrypt. This way the signature stays
> verifiable even after decryption.
>> I forgot to write that I want the process (sign and encrypt) to proceed
>> without any keyboard-typing.
> A passphrase is not needed for asymmetric encryption.
> It is only needed to unlock your private key for signing.
> If you want to build an automated system, one way is to just have a private
> key without passphrase (and secure the system). There are other ways of
>> My previous message seems to have been an HTML message. I unchecked the
>> control and hope this answer is a clear text message.
> Yes, it is. :)
> Best Regards,
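
The scheme described in this message (a detached signature on the clear document, one symmetric encryption under a document-key, and the document-key wrapped once per recipient), written out with gpg as an added example that is not from the thread. The archive layout, file names and function names are assumptions, and the signing key is assumed to have no passphrase, as suggested in the quoted reply.

```bash
#!/usr/bin/env bash
# Added illustration. Archive layout (doc.gpg, doc.sig, keys/NAME.gpg) is assumed.
# Non-interactive gpg: no prompts, passphrases are read from files.
g() { gpg --batch --yes --quiet --pinentry-mode loopback "$@"; }

# release DOC OUTDIR SIGNER PUBKEY_RECIPIENT PW_RECIPIENT PW_FILE
release() {
    doc=$1; out=$2; signer=$3; rcpt=$4; pwname=$5; pwfile=$6
    mkdir -p "$out/keys" && key=$(mktemp) || return 1
    # Random document-key on a single line (--passphrase-file reads one line).
    head -c 32 /dev/urandom | base64 > "$key"
    # 1. Detached signature over the clear document, not the ciphertext.
    g --local-user "$signer" --output "$out/doc.sig" --detach-sign "$doc" &&
    # 2. Encrypt the document once, under the document-key.
    g --passphrase-file "$key" --cipher-algo AES256 \
      --output "$out/doc.gpg" --symmetric "$doc" &&
    # 3a. Wrap the document-key for a recipient whose (validated) public key is known.
    g --recipient "$rcpt" --output "$out/keys/$rcpt.gpg" --encrypt "$key" &&
    # 3b. Wrap it under the password shared with another recipient.
    #     Naming files after recipients tells each one which file to open,
    #     but discloses the recipient list to anyone who can list the archive.
    g --passphrase-file "$pwfile" --output "$out/keys/$pwname.gpg" --symmetric "$key"
    rc=$?; rm -f "$key"; return $rc
}

# open_release OUTDIR NAME [PW_FILE]: unwrap the document-key, decrypt, verify.
open_release() {
    out=$1; name=$2; pwfile=${3:-}
    key=$(mktemp) || return 1
    if [ -n "$pwfile" ]; then
        g --passphrase-file "$pwfile" --output "$key" --decrypt "$out/keys/$name.gpg"
    else
        g --output "$key" --decrypt "$out/keys/$name.gpg"   # uses the private key
    fi &&
    g --passphrase-file "$key" --output "$out/doc.clear" --decrypt "$out/doc.gpg" &&
    # The signature was made on the clear text, so it still verifies here.
    g --verify "$out/doc.sig" "$out/doc.clear"
    rc=$?; rm -f "$key"; return $rc
}
```

The document-key briefly exists as a temporary file on the sender's and the recipient's machine, so both functions delete it before returning.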