On 2022-02-07 at 11:02 +0100, swarna kembayee wrote: > Dear Team, > > Thank you very much, in advance for your time and support. > I have 3 questions which I would appreciate help on.... > > My environment has GPG 1.4.9 on Solaris 10 OS.
That version is 13 years old, not even the latest version of the 1.4.x branch, which is itself not considered secure nowadays. Please, please, update to a modern GPG version (2.2.x or 2.3.x) (I will assume in the following points that you are already using a modern version) Also note that compressing leaks _some_ information on the entropy of the underlying file. Hopefully not something significantly, but it's something to take into account. > Question 1 - I am using gpg to encrypt a gzip file. Is it wrong to do > this ( file/block corruption or ) ? No, it's not wrong. You are free to encrypt any kind of file, even if it's compressed. As long as the cipher is secure, that shouldn't matter. > for example my command order is > > 1. gzip sourcefile.txt -- output is sourcefile.txt.gz > > 2. gpg --encrypt --recipient f...@w.com sourcefile.txt.gz -- output > is sourcefile.txt.gz.gpg -- I am able to decrypt and uncompress and > read the file > > I am not sure if gpg also compresses by default. I used the --verbose > option along with --compress-algo , however the compression state is > omitted from the verbose detail. First of all, it would depend on the preferences of the recipient key. If you are to someone whose key doesn't support compression, it won't be compressed (unless you forced that). > I also find --compress-algo <1,2,3> work , higher numbers 4 and above > throw an error - 'gpg: selected compression algorithm is invalid' These are compression *algorithms*: 9.3. Compression Algorithms ID Algorithm -- --------- 0 - Uncompressed 1 - ZIP [RFC1951] 2 - ZLIB [RFC1950] 3 - BZip2 [BZ2] 100 to 110 - Private/Experimental algorithm see https://datatracker.ietf.org/doc/html/rfc4880#section-9 so an algorithm of 4 is not specified and gpg rightly complains. You probably wanted --compress-level / --bzip2-compress-level to change the level of compression. > Question 2 - How to know if GPG is indeed compressing and what's the > default compression value ? A simple test would be: $ truncate -s 50M testfile $ gpg -r <yourkey> --encrypt-file testfile I find a testfile of 50M but a testfile.gpg of 50K. So it is clearly compressing :-) If you use --verbose twice on decryption, e.g. gpg --verbose --verbose -d < testfile.gpg > /dev/null on a gpg file using compression there will be a line such as: :compressed packet: algo=2 > Question 3 - How to find the default settings of my gpg like > character set , compression value etc. I have not configured > anything in in the gpg.conf file The docs for your version should state the default values. Take into account that, as stated earlier, the ones selected will depend on who you are corresponding with. > Best Regards, > Swarna Kembayee Best regards _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users