All my Passwords are lost
Vincent Pelletier
plr.vincent at gmail.com
Sun Apr 25 10:41:06 CEST 2021
On Sat, 24 Apr 2021 15:19:07 -0700, "C.J. Collier" <cjac at colliertech.org> wrote:
> you could maybe ask a pause admin to decrypt and
> re-encrypt to a key that you own, sending you back the encrypted file.

Two ideas from a gpg-internal *UN*aware point of view:

- I assume gpg file encryption works by generating a random symmetric
  cipher key, encrypting the file with this symmetric cipher, and
  only encrypting the symmetric cipher's key with the asymmetric cipher
  public key.
  If so, then the encrypted symmetric key could in theory (...again, I
  do not know enough of gnupg internals) be extracted and be the only
  thing sent for decryption and sent back deciphered.
  Of course, it means that if the file was leaked encrypted, then this
  deciphered key intercepted, then the file is completely leaked.

- Is the asymmetric algorithm transitive? If it is, then again
  starting from an extracted encrypted key, it could be encrypted again
  with the good public key, then sent for decryption. The key received
  back would still be encrypted by the good public key. It can then
  finally be deciphered, allowing the symmetric cipher to decipher the data.
  This would solve the plain-text vulnerability of the previous point.

I believe (again, not an expert) decryption and signature use different
parameters in gpg, so from the pause admin point of view they should
not be worried about inadvertently signing a hash, but actually
deciphering a symmetric key (which can otherwise be a concern).
--
Vincent Pelletier
GPG fingerprint 983A E8B7 3B91 1598 7A92 3845 CAC9 3691 4257 B0C1
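
Added example, not part of the original message: in the OpenPGP format (RFC 4880) the wrapped session key travels in its own public-key encrypted session key packet (tag 1), apart from the bulk ciphertext packet (tag 18), which is the layout the first idea above assumes. The parser below splits a message along that boundary; the function names and the sample bytes are constructed for illustration.

```python
PKESK, SEIPD = 1, 18  # RFC 4880 packet tags

def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet (RFC 4880, section 4.2)."""
    pos = 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                           # new-format header
            tag, first, size = hdr & 0x3F, data[pos], 0
            pos += 1
            if first < 192:                      # one-octet length
                length = first
            elif first < 224:                    # two-octet length
                length, size = ((first - 192) << 8) + data[pos] + 192, 1
            elif first == 255:                   # five-octet length
                length, size = int.from_bytes(data[pos:pos + 4], "big"), 4
            else:
                raise ValueError("partial body lengths not handled here")
        else:                                    # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            size = (1, 2, 4)[ltype]
            length = int.from_bytes(data[pos:pos + size], "big")
        pos += size
        if pos + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[pos:pos + length]
        pos += length

def split_message(data):
    """Separate the wrapped session key (tag 1) from the bulk ciphertext."""
    out = {"pkesk": [], "bulk_bytes": 0}
    for tag, body in read_packets(data):
        if tag == PKESK and body[0] == 3:        # version 3 PKESK
            out["pkesk"].append({"key_id": body[1:9].hex().upper(),
                                 "pk_algo": body[9], "wrapped_len": len(body) - 10})
        elif tag == SEIPD:
            out["bulk_bytes"] += len(body)
    return out

# Constructed sample, not real ciphertext: one v3 PKESK (RSA, algo 1) + one SEIPD.
SAMPLE_MPI = (64).to_bytes(2, "big") + bytes(range(0x80, 0x88))   # 64-bit MPI
SAMPLE_PKESK = bytes([3]) + bytes.fromhex("0123456789ABCDEF") + bytes([1]) + SAMPLE_MPI
SAMPLE = (bytes([0xC0 | PKESK, len(SAMPLE_PKESK)]) + SAMPLE_PKESK
          + bytes([0xC0 | SEIPD, 255]) + (300).to_bytes(4, "big") + b"\x01" + bytes(299))
```

On the constructed sample the wrapped key material is 10 bytes against 300 bytes of bulk data; only the tag 1 packet is specific to the recipient's key.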