GPG notes

From Noah.org
Revision as of 16:23, 5 December 2008 by Root (Talk | contribs) (New page: Category:Engineering == symmetric ciphers with GPG == Often users just want to encrypt a file with a simple password or passphrase. GPG is most often used for more sophisticated ==...)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search


symmetric ciphers with GPG

Often users just want to encrypt a file with a simple password or passphrase. GPG is most often used for more sophisticated

symmetric key encryption

This encrypts the given file, foo.plain. Each line is equivalent and shows different ways for specifying input and output (from a file or stdin/stdout). The --armor option specifies ASCII encoded output instead of binary.

cat foo_plain_in.txt | gpg --symmetric --armor > foo.enc
gpg --symmetric --armor foo_plain_in.txt > foo.enc
gpg --symmetric --armor --output foo.enc foo_plain_in.txt
<pre>

== symmetric key decryption ==

Note that the '--use-agent' option is not required. Normally the agent is used to unlock the secret key in a key pair in your keyring, but  I just use it to get the passphrase for symmetric key encryption. The GPG key agent can provide more options for how you provide the passphrase. This makes the graphical GUI popup appear to ask for a password.

The '--no-mdc-warning' is necessary to suppress the warning that the message was not protected with a SHA-1 checksum (modification detection code). The MDC is not very useful with simple symmetric encryption anyway.

<pre>
cat foo.enc | gpg --decrypt --no-mdc-warning --quiet --use-agent > foo_plain_out.txt

misc

This was a rough first attempt at a bash alias that would decrypt either GPG or OpenSSL encrypted files. If it fails on gpg then it attempts openssl.

gpg --decrypt --no-mdc-warning --quiet --use-agent foo.enc || openssl bf -d -a -salt -in foo.enc