GPG notes
From Noah.org
Revision as of 17:23, 5 December 2008 by Root (talk | contribs) (New page: Category:Engineering == symmetric ciphers with GPG == Often users just want to encrypt a file with a simple password or passphrase. GPG is most often used for more sophisticated ==...)
symmetric ciphers with GPG
Often users just want to encrypt a file with a simple password or passphrase. GPG is most often used for more sophisticated
symmetric key encryption
This encrypts the given file, foo.plain. Each line is equivalent and shows different ways for specifying input and output (from a file or stdin/stdout). The --armor option specifies ASCII encoded output instead of binary.
cat foo_plain_in.txt | gpg --symmetric --armor > foo.enc gpg --symmetric --armor foo_plain_in.txt > foo.enc gpg --symmetric --armor --output foo.enc foo_plain_in.txt <pre> == symmetric key decryption == Note that the '--use-agent' option is not required. Normally the agent is used to unlock the secret key in a key pair in your keyring, but I just use it to get the passphrase for symmetric key encryption. The GPG key agent can provide more options for how you provide the passphrase. This makes the graphical GUI popup appear to ask for a password. The '--no-mdc-warning' is necessary to suppress the warning that the message was not protected with a SHA-1 checksum (modification detection code). The MDC is not very useful with simple symmetric encryption anyway. <pre> cat foo.enc | gpg --decrypt --no-mdc-warning --quiet --use-agent > foo_plain_out.txt
misc
This was a rough first attempt at a bash alias that would decrypt either GPG or OpenSSL encrypted files. If it fails on gpg then it attempts openssl.
gpg --decrypt --no-mdc-warning --quiet --use-agent foo.enc || openssl bf -d -a -salt -in foo.enc