Essay on PGP as it is used today

raf gnupg at raf.org
Mon Jul 22 01:40:01 CEST 2019


Ángel wrote:

> On 2019-07-18 at 12:13 +1000, raf wrote:
> > At work, when a client insists on email, and I (or the law)
> > insist on encryption, I provide them with instructions for
> > installing 7-zip and send them an AES-256 encrypted zip or 7z
> > file as an attachment. It's the simplest thing I could think
> > of that I thought most people could cope with.
> 
> Encrypted zip files have several factors that make it a beautiful
> solution for sending encrypted messages to occasional users that don't
> care much about it:
> 
> a) zip is a file format supported out-of-the-box by pretty much every
> system, and that users are comfortable with. Whereas you would be seen
> as a weirdo if you sent them a .gpg or other new file that needed a
> special program, you would likely be asked to just send it
> "normally" (ie. unencrypted).

> b) The format itself supports secure encryption (aes128/256).

Unfortunately, that's not entirely true. The zip format
that is supported out of the box by Windows doesn't
support AES-256. The impression I get is that it's v2
of the format which only supports broken zip password
protection. Zip v5 format is needed for AES-256 and
Windows Explorer doesn't seem to support that. The
recipient must either have 7-Zip (which is free) or
Winzip (which costs money). I find it hard to believe
that the new format isn't supported everywhere but it
isn't. Even the command line tool unzip only supports
the ancient zip format when encryption is used.

> c) If their client doesn't support AES-Encryption, their client will
> show that *their program* can't cope with it. This places the onus on
> the receiver (their zip decompressor isn't "new enough"), rather than
> the sender (see a).
> 
> Nevertheless, it has a number of potential problems:
> 
> * As pointed out by Stefan Claas, you need to exchange the encryption
> keys. The zip file is just an encryption primitive, so key distribution
> may become a problem.
> 
> (raf, may I ask how you are dealing with it? As they are clients, are
> you providing a set of keys in advance when personally visiting them?
> Are you providing the key for the new message?)

Verbally over the phone (but I think SMS would be OK).

> * 7-Zip before 19.00 uses a bad PRNG to fill a half-size IV
> https://threadreaderapp.com/thread/1087848040583626753.html

Luckily we use v19.00 for encrypting (but my macports
version is only v16.02).

> * A naive user trying to reply would easily end up using PKWARE
> encryption (and reusing the password)

True. In that case, I'd recommend that they create a
.7z file rather than a .zip file. The .7z format only
seems to support AES-256. The .zip format supports both
AES-256 and PKWARE password protection but it defaults
to PKWARE protection (in the 7-Zip GUI).
 
> Kind regards

cheers,
raf
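
The last point in the message, that a .zip can end up with PKWARE password protection instead of AES-256, can be checked on receipt. The following is an added example, not part of the original message: it reads the zip central directory and reports the protection used on each member. The function names are hypothetical, the sample archive is constructed, and Zip64 and multi-disk archives are not handled.

```python
import struct

EOCD = struct.Struct("<4s4H2LH")     # end-of-central-directory record
CDFH = struct.Struct("<4s6H3L5H2L")  # central directory file header (46 bytes)
AES_BITS = {1: 128, 2: 192, 3: 256}  # strength byte of the WinZip AES extra field

def aes_strength(extra):
    """Key size from a WinZip AES (0x9901) extra field, or None if absent."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        if header_id == 0x9901 and 7 <= size <= len(extra) - pos - 4:
            return AES_BITS.get(extra[pos + 8])
        pos += 4 + size
    return None

def zip_encryption(data):
    """Map member name -> 'none', 'ZipCrypto', 'PKWARE-strong' or 'AES-<bits>'."""
    end = data.rfind(b"PK\x05\x06")
    if end < 0:
        raise ValueError("no end-of-central-directory record")
    rec = EOCD.unpack_from(data, end)
    count, pos = rec[4], rec[6]
    result = {}
    for _ in range(count):
        f = CDFH.unpack_from(data, pos)
        if f[0] != b"PK\x01\x02":
            raise ValueError("bad central directory header")
        flags, method, nlen, xlen, clen = f[3], f[4], f[10], f[11], f[12]
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        bits = aes_strength(data[pos + 46 + nlen:pos + 46 + nlen + xlen])
        if not flags & 0x1:                  # bit 0 clear: not encrypted
            kind = "none"
        elif method == 99 and bits:          # method 99 marks WinZip AES
            kind = f"AES-{bits}"
        else:                                # bit 6 marks PKWARE strong encryption
            kind = "PKWARE-strong" if flags & 0x40 else "ZipCrypto"
        result[name] = kind
        pos += 46 + nlen + xlen + clen
    return result

def sample_archive():
    """Constructed directory-only archive with one entry per protection type."""
    aes = struct.pack("<HHH2sBH", 0x9901, 7, 2, b"AE", 3, 8)  # AE-2, AES-256, deflate
    cd = b""
    for name, flags, method, extra in [(b"plain.txt", 0, 8, b""),
                                       (b"legacy.txt", 1, 8, b""), (b"aes.txt", 1, 99, aes)]:
        cd += CDFH.pack(b"PK\x01\x02", 20, 20, flags, method, *[0] * 5,
                        len(name), len(extra), *[0] * 5) + name + extra
    return cd + EOCD.pack(b"PK\x05\x06", 0, 0, 3, 3, len(cd), 0, 0)
```

For a real file, pass `open(path, "rb").read()`; any member reported as `ZipCrypto` uses the legacy PKWARE password protection discussed above.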



