Peter,

My understanding was that if you don't pass --symmetric, then a session 
key is generated, with which the clear text is (symmetrically) encrypted and 
then the session key is encrypted (asymmetrically) with the public key. 
Conversely, if you do pass --symmetric, then there is no randomly generated 
"session" key, and gpg simply generates a symmetric key from the passphrase, 
that it encrypts the clear text with. Are you saying that that is not the case, 
and that there is a session key, used to encrypt the clear text, and the 
session key gets encrypted, again, symmetrically with the passphrase-generated 
key?

However my question regarding the standardization format was not necessarily 
related to the OpenPGP protocol, but rather, at the most basic level of 
symmetric encryption in general: you have a key, a cleartext, a symmetric block 
cipher algorithm and a mode of operation. Is the format of the output 
standardized within this context, of a symmetric block cipher encryption, 
rather than as part of OpenPGP? Would another software or encryption library be 
able to decrypt a text symmetrically encrypted with gpg, not taking into 
account additional layers of asymmetric encryption?

Thank you for your help.
      From: Peter Lebbing <pe...@digitalbrains.com>
 To: Maricel Gregoraschko <maricelgregorasc...@yahoo.com>; Gnupg-users 
<Gnupg-users@gnupg.org> 
 Sent: Wednesday, March 11, 2015 3:06 PM
 Subject: Re: AES-NI, symmetric key generation
   
On 11/03/15 18:55, Maricel Gregoraschko wrote:


> One more question: Is there any standardization in output formats 
> between encryption programs and libraries, for example say you
> encrypt with AES128 in CBC, with the same key (directly or via
> passphrase), and since the output will have to have, in addition to
> the actual ciphertext, algorithm identification on it, possible
> passphrase-to-key, plus mode-specific data such as the iv/nonce, is
> there a specification of the format of how these come in?

The passphrase-based encryption of GnuPG is entirely specified in RFC
4880, and there is no reason to worry that future versions of GnuPG
cannot read a symmetrically encrypted file created now.

Also, it is *not* the case that the key used to encrypt the data is the
key derived from your password!

The key to encrypt the data, the session key, is randomly generated. The
passphrase is used to derive a key, and this derived key is used to
encrypt the session key, and only the session key!

However, I do notice that RFC 4880 allows the use of a password-derived
key to encrypt the data[1]. I don't think GnuPG will generate such
OpenPGP messages, but it might accept and decrypt them.

HTH,

Peter.

[1] RFC 4880 section 5.3:

> If the encrypted session key is not present (which can be detected on
> the basis of packet length and S2K specifier size), then the S2K 
> algorithm applied to the passphrase produces the session key for 
> decrypting the file, using the symmetric cipher algorithm from the 
> Symmetric-Key Encrypted Session Key packet.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


  
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
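
The two cases that RFC 4880 section 5.3 distinguishes in the thread above can be told apart by parsing the Symmetric-Key Encrypted Session Key packet itself. The following is an added example, not part of the original messages and not GnuPG code; the function names and the two sample packets are constructed for illustration.

```python
# Added example (not GnuPG code): classify an OpenPGP SKESK packet (tag 3)
# per RFC 4880 sections 3.7, 4.2 and 5.3.
S2K_SPEC_LEN = {0: 2, 1: 10, 3: 11}  # simple, salted, iterated+salted
CIPHERS = {7: "AES128", 8: "AES192", 9: "AES256"}  # subset of section 9.2

def packet_body(pkt: bytes):
    """Return (tag, body); handles short definite lengths only."""
    if len(pkt) < 2 or not pkt[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    hdr = pkt[0]
    if hdr & 0x40:  # new format: tag in the low 6 bits
        tag, n, off = hdr & 0x3F, pkt[1], 2
        if n >= 192:
            raise ValueError("multi-octet length not handled here")
    elif (hdr & 0x03) == 0:  # old format, one-octet length
        tag, n, off = (hdr >> 2) & 0x0F, pkt[1], 2
    elif (hdr & 0x03) == 1:  # old format, two-octet length
        tag, n, off = (hdr >> 2) & 0x0F, int.from_bytes(pkt[1:3], "big"), 3
    else:
        raise ValueError("length type not handled here")
    if len(pkt) < off + n:
        raise ValueError("truncated packet")
    return tag, pkt[off:off + n]

def parse_skesk(pkt: bytes) -> dict:
    tag, body = packet_body(pkt)
    if tag != 3 or len(body) < 4 or body[0] != 4:
        raise ValueError("not a version 4 SKESK packet")
    spec_len = S2K_SPEC_LEN.get(body[2])
    if spec_len is None or len(body) < 2 + spec_len:
        raise ValueError("unknown or truncated S2K specifier")
    info = {"cipher": CIPHERS.get(body[1], body[1]), "s2k_type": body[2]}
    if body[2] == 3:  # decode the coded iteration count (section 3.7.1.3)
        c = body[1 + spec_len]
        info["s2k_count"] = (16 + (c & 15)) << ((c >> 4) + 6)
    esk = body[2 + spec_len:]
    # No trailing octets: the S2K output is itself the data key.
    # Trailing octets: the S2K key only unwraps a separate session key.
    info["data_key"] = "wrapped-session-key" if esk else "passphrase-derived"
    info["esk_len"] = len(esk)
    return info

# Constructed sample packets (salt and ESK octets are filler, not real data).
SALT = bytes(range(8))
DIRECT = bytes([0x8C, 13, 4, 9, 3, 2]) + SALT + bytes([0xFF])
WRAPPED = bytes([0xC3, 30, 4, 7, 3, 2]) + SALT + bytes([0x60]) + bytes(17)

if __name__ == "__main__":
    for name, pkt in (("DIRECT", DIRECT), ("WRAPPED", WRAPPED)):
        print(name, parse_skesk(pkt))
```

The SKESK packet is normally the first packet of a passphrase-encrypted message, so the leading bytes of a binary (non-armored) file can be passed to `parse_skesk` to see which of the two cases it is.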
