GPG 1.4.9 compressing option

Ángel angel at pgp.16bits.net
Tue Feb 8 00:30:21 CET 2022


On 2022-02-07 at 11:02 +0100, swarna kembayee wrote:
> Dear Team,
> 
> Thank you very much, in advance for your time and support. 
> I have 3 questions which I would appreciate help on....
> 
> My environment has GPG 1.4.9 on Solaris 10 OS.

That version is 13 years old, not even the latest version of the 1.4.x
branch, which is itself not considered secure nowadays. Please, please,
update to a modern GPG version (2.2.x or 2.3.x).

(I will assume in the following points that you are already using a
modern version)


Also note that compressing leaks _some_ information on the entropy of
the underlying file. Hopefully not something significant, but it's
something to take into account.


> Question 1 - I am using gpg to encrypt a gzip file. Is it wrong to do
> this ( file/block corruption or ) ?

No, it's not wrong. You are free to encrypt any kind of file, even if
it's compressed. As long as the cipher is secure, that shouldn't
matter.


> for example my command order is
> 
> 1. gzip sourcefile.txt -- output is sourcefile.txt.gz
> 
> 2. gpg --encrypt --recipient fddf at w.com sourcefile.txt.gz -- output
> is sourcefile.txt.gz.gpg -- I am able to decrypt and uncompress and
> read the file
> 
> I am not sure if gpg also compresses by default. I used the --verbose 
> option along with --compress-algo , however the compression state is
> omitted from the verbose detail.

First of all, it would depend on the preferences of the recipient key.
If you are encrypting to someone whose key doesn't support compression, it won't
be compressed (unless you forced that).


> I also find --compress-algo <1,2,3> work , higher numbers 4 and above
> throw an error - 'gpg: selected compression algorithm is invalid'

These are compression *algorithms*:

9.3.  Compression Algorithms
       ID           Algorithm
       --           ---------
       0          - Uncompressed
       1          - ZIP [RFC1951]
       2          - ZLIB [RFC1950]
       3          - BZip2 [BZ2]
       100 to 110 - Private/Experimental algorithm

see https://datatracker.ietf.org/doc/html/rfc4880#section-9

so an algorithm of 4 is not specified and gpg rightly complains.

You probably wanted --compress-level / --bzip2-compress-level to change
the level of compression.


> Question 2 - How to know if GPG is indeed compressing and what's the
> default compression value ? 

A simple test would be:

$ truncate -s 50M testfile
$ gpg -r <yourkey> --encrypt-file testfile

I find a testfile of 50M but a testfile.gpg of 50K. So it is clearly
compressing :-)

If you use --verbose twice on decryption, e.g.
gpg --verbose --verbose -d <  testfile.gpg  > /dev/null

on a gpg file using compression there will be a line such as:
:compressed packet: algo=2


> Question 3 - How to find the default settings of my gpg like
> character set , compression value etc.  I have not configured
> anything in the gpg.conf file

The docs for your version should state the default values. Take into
account that, as stated earlier, the ones selected will depend on who
you are corresponding with.


> Best Regards,
> Swarna Kembayee

Best regards
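
An added illustration, not part of the original message: inputs of the same size shrink by very different amounts under the RFC 4880 compression algorithms, and because the encrypted output's size follows the compressed size, that difference is what compression reveals about the file. Python's zlib and bz2 modules stand in for gpg's compressors; the sample data, level 6 and all function names are assumptions of this example.

```python
import bz2
import os
import zlib

# Algorithm IDs from the RFC 4880 section 9.3 table quoted in the message.
ALGOS = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZip2"}


def compress(algo, data, level=6):
    """Compress data with the format behind an OpenPGP compression ID.

    level=6 is this example's choice, not a value read from gpg.
    """
    if algo == 0:
        return data
    if algo == 1:  # raw DEFLATE stream (RFC 1951): no header, no checksum
        c = zlib.compressobj(level, zlib.DEFLATED, -15)
        return c.compress(data) + c.flush()
    if algo == 2:  # DEFLATE wrapped in the RFC 1950 header and Adler-32
        return zlib.compress(data, level)
    if algo == 3:
        return bz2.compress(data, level)
    # 4 is not in the table, hence gpg's error for --compress-algo 4
    raise ValueError("selected compression algorithm is invalid")


def payload_sizes(data):
    """Bytes left to encrypt after compression, keyed by algorithm ID."""
    return {algo: len(compress(algo, data)) for algo in ALGOS}


def constructed_samples(size):
    """Three constructed inputs of identical length but different redundancy."""
    line = b"user=alice action=login status=ok\n"
    return {
        "zeros": bytes(size),  # like `truncate -s`
        "log-like text": (line * (size // len(line) + 1))[:size],
        "random": os.urandom(size),  # stands in for already-gzipped input
    }


if __name__ == "__main__":
    for name, data in constructed_samples(1024 * 1024).items():
        sizes = payload_sizes(data)
        print(f"{name:14}", {ALGOS[a]: n for a, n in sizes.items()})
```

The random sample shows why compressing an already gzipped file a second time gains nothing: every algorithm returns at least roughly the input size.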