Questions about finding keys used to encrypt files with gpg

Werner Koch wk at gnupg.org
Sun Mar 10 20:04:50 CET 2019


On Sat,  9 Mar 2019 17:52, mattia.codato at poste.it said:

> I noticed that the gpg -d [filename] command works out without asking
> me for the passphrase, so after a brief search I became aware of the
> fact that gpg uses public/private keys encrypting, combined with a

Right, public key cryptography is the main use case of gpg.  However you
used plain symmetric encryption (-c) which requires that sender and
recipient share one key.  The behavior you noticed when decrypting your
own symmetric encrypted message is that gpg remembers the passphrase
used for symmetric encryption as long as the cache does not expire or
you restart gpg-agent.  If you had sent the message to someone
else, that other party would be asked for the passphrase.

To disable this, sometimes surprising, caching of passphrases for
symmetric encryption, you can use the option --no-symkey-cache with
gpg.

> As far as I know, in order to successfully export and decrypt the files
> in other computers, one must export and restore the original key pairs
> used to encrypt the original files. So what should I do to figure
> out what kind of keys were used?

Please read one of the howtos or the README of gpg to learn about the
basic use.  In short:

1. Create a key pair:

   gpg --gen-key

   Which creates the keyblock (certificate) including a user id.  You
   will be asked to protect the private part of the key with a
   passphrase, so that a stolen computer will not immediately lead to a
   compromise of your private key.  You are not required to use a
   passphrase, though - the message will be strongly encrypted without a
   passphrase, the passphrase is a purely local thing.

2. Export the public part of the key pair:

   gpg -a --export YOUR_USERID >pubkey.asc

3. Send the public key to the recipient by plain mail, courier etc.

4. Ask your peer to encrypt a message to you with

   gpg -ear YOURUSERID <INFILE >OUTFILE

5. After receiving that message you can use

   gpg -d <RECEIVEDFILE >PLAINTEXT

You may always add -v to get some more info from gpg.  There are many GUI
frontends and mailers which don't require you to remember the above
commands.  You may also want to look into distribution mechanisms for
public keys (which are used to encrypt) like keyservers or the Web Key
Directory.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are governed by a federal law.