LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-18-2005, 10:13 AM   #1
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 833

Rep: Reputation: 35
GnuPG encrypted files format


I have a vague recollection of reading somewhere that some encrypting softwares produce an output that contains a piece of code that is the same regardless of the plain text to be encrypted. I have also read something about double encryption (encrypting a file of encrypted strings or similar). However trying to retrieve that info on the web leads me nowhere.

The details:
I'm beginning to use GPG, I have selected the first option when generating the keys (DSA ElGamal) and I am using both symmetric and asymmetric encryption of files on a Fedora C2 for file protection.
I suppose ElGamal is used for asymmetric encryption but I have no idea what my system is using for symmetric encryption.
It looks like the symmetric output all start with "\214" and if this is correct, I'd like to find out more about this aspect of encryption, specifically for what I am using.

The questions:
1) Does GPG, as I use it, produce an encrypted file that contains a sort of header?
a) for symmetric encryption
b) for asymmetric encryption
2) If it does, what is the format?
3) Is encryption of encrypted strings a worthwhile procedure?

Any hint or tip most welcome.
 
Old 08-22-2005, 02:34 AM   #2
primo
Member
 
Registered: Jun 2005
Posts: 542

Rep: Reputation: 34
Read a good book on cryptography to assemble all these facts you have read in the web. Sometimes they can become myths if they're taken out of context.

Anyway, I'll try to answer some questions:
Quote:
1) Does GPG, as I use it, produce an encrypted file that contains a sort of header?
Yes, GPG does use a header for internal use and it's no big deal unless you want some obscurity that in the end won't add any bit to security... It uses a well known header recognized by the file(1) command.

An entirely different thing is the fact that plaintext sometimes contain known pieces (ie, TCP/IP, archive, image and e-mail headers, C++ source, etc). This could be used to retrieve information about the key and more plaintext bits. This is what is called as "known plaintext attack". Good encryption software minimizes this risk by compressing the plaintext and eliminating redundancy.

Quote:
3) Is encryption of encrypted strings a worthwhile procedure?
It depends on the context. I use to manage (encrypt/decrypt) my passwords file in an encrypted loop partition to avoid it reaching the disk.

Asymmetric encryption is useful when encrypting data destined to another recipient. Asymmetric algorithms are best used to encrypt a random (session) key that really encrypts the data. It is because asymmetric algorithms are slower because of the mathematical models they use.
 
Old 08-22-2005, 09:15 AM   #3
rblampain
Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 7
Posts: 833

Original Poster
Rep: Reputation: 35
Thank you to primo for a good explanation.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
gpg encrypted files -- recovery/decryption? 187807 Slackware 2 03-24-2005 07:04 PM
reading password-encrypted powerpoint files? JustinHoMi Linux - Software 2 02-22-2005 01:27 PM
how to use gnupg to enctrypt files? demmylls Linux - General 3 04-13-2004 05:54 AM
cant install .bin files, tar.gz files or anyother format!!! madskillz Linux - Newbie 4 10-05-2003 10:28 AM
converting files to pdf format? vendemmian Linux - General 2 05-23-2001 07:52 AM


All times are GMT -5. The time now is 07:33 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration