Using gpg and a symmetric key to encrypt/decrypt files

Dec 21, 2013 22:33



TO ENCRYPT
gpg --symmetric --cipher-algo AES256 example.txt

- or -

gpg --symmetric --cipher-algo TWOFISH example.txt

(gpg will then ask for a passphrase; make it long and as random as possible, with upper and lower case letters, punctuation, and a number)

TO DECRYPT
gpg example.txt.gpg

(gpg will then ask for the passphrase)

To encrypt, but have the encrypted output encoded as text (so it can be copied and pasted into an email):

gpg --symmetric --cipher-algo AES256 --armor example.txt

- or -

gpg --symmetric --cipher-algo TWOFISH --armor example.txt

Then the encoded file looks like this:

cat example.txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.12 (GNU/Linux)

jA0ECQMCpxBhD6FN0ohg0mAB/JtjEG4MsazoqGOB41hAlmo8Wdh6EZFDuWFvED35
kh6ZXVzddIr2tvn8RnWg96qDQFCkiVkHfOcXSozHqMYh4+QhvPlyjg8xdWkzlTia
ooXGGbKcZ/RjPMDhIvVfXVA=
=LLT8
-----END PGP MESSAGE-----

Wikipedia article about how long the passphrase needs to be for 256 bits of entropy: using random case-sensitive alphanumerics (a-z)+(A-Z)+(0-9), about 45 characters long.

http://en.wikipedia.org/wiki/Password_strength

EDIT 2013-12-22 - adding my self-notes about passphrase security from what I learned about WPA2 PSK:

1. Ideally choose a maximum_character_length password that is random characters (not dictionary words, to thwart dictionary-based attacks).

2. Make sure the 45+ character long random password has at least one character each of (a number | a punctuation mark | an upper case letter | a lower case letter) to make the keyspace as large as possible (which makes the number of values an attacker would have to try too computationally expensive for the 'casual' Bad Person).

2a. Steve Gibson has a very cool Internet resource for helping people learn about password strength: https://www.grc.com/haystack.htm

Per the haystack page:

Example passphrase = search space size
---------------------------------------

64 characters of hex
a62c58e04c676e05fc73f6d9a17ae4be0df7e052d103e664b0e2592311b9b7bd = 4.13 x 10^99

63 characters of hex, plus adding a punctuation symbol
?62c58e04c676e05fc73f6d9a17ae4be0df7e052d103e664b0e2592311b9b7bd = 4.93 x 10^117

62 characters of hex, plus adding a punctuation symbol, plus adding an upper case letter
?62C58e04c676e05fc73f6d9a17ae4be0df7e052d103e664b0e2592311b9b7bd = 3.79 x 10^126

2b. Steve Gibson has a very cool Internet resource for generating passwords: https://www.grc.com/passwords.htm

2c. A relatively easy way to generate a long random password is from a *NIX command line ==>

openssl rand -base64 45 | less

ALSO COULD USE:
openssl rand -hex 32 | less
(see note "2e" below for why)

2d. The "45" is for the number of bits of entropy the pseudorandom generator will create. The generated passphrase will likely be more digits than 45.

2e. I now understand why a 64-digit hex password is the size to use for things like WPA2: 256bits of password entropy == 64digit hex passphrase.

2f. To be extreme, each file would be encrypted with a unique passphrase that was never used again.
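As an added example (not code from the original post), this Python script reproduces the three haystack search-space figures in note 2a and the entropy arithmetic in notes 2d and 2e. It assumes the haystack model counts an alphabet of 26 lower case, 26 upper case, 10 digits and 33 symbols (space included) and sums C^k over every length up to the password's length; the hex string is the one quoted above.

```python
import math
import string

# Character classes as the GRC haystack page counts them (assumption:
# 26 lower, 26 upper, 10 digits, 33 symbols including the space).
LOWER, UPPER, DIGITS = string.ascii_lowercase, string.ascii_uppercase, string.digits
SYMBOLS = string.punctuation + " "


def alphabet_size(password: str) -> int:
    """Alphabet an attacker must assume once they know which character
    classes appear in the password (the haystack model)."""
    size = 0
    for cls in (LOWER, UPPER, DIGITS, SYMBOLS):
        if any(ch in cls for ch in password):
            size += len(cls)
    return size


def search_space(password: str) -> int:
    """Every password up to this length over that alphabet: the sum of C^k
    for k = 1..L, computed exactly as a Python big integer."""
    c, n = alphabet_size(password), len(password)
    return sum(c ** k for k in range(1, n + 1))


def sci(n: int) -> str:
    """Format a big integer the way the post does, e.g. '4.13 x 10^99'."""
    mant, exp = f"{float(n):.2e}".split("e")
    return f"{mant} x 10^{int(exp)}"


def entropy_bits(length: int, alphabet: int) -> float:
    """Entropy of a password drawn uniformly at random from an alphabet of
    the given size: length * log2(alphabet). 64 hex digits give 256 bits."""
    return length * math.log2(alphabet)


def chars_needed(target_bits: int, alphabet: int) -> int:
    """Shortest uniformly random password over this alphabet reaching target."""
    return math.ceil(target_bits / math.log2(alphabet))


if __name__ == "__main__":
    hex64 = "a62c58e04c676e05fc73f6d9a17ae4be0df7e052d103e664b0e2592311b9b7bd"
    for pw in (hex64, "?" + hex64[1:], "?62C" + hex64[4:]):
        print(f"{pw[:8]}... alphabet={alphabet_size(pw):2d} space={sci(search_space(pw))}")
    print("64 random hex digits:", entropy_bits(64, 16), "bits")
    print("chars for 256 bits: hex", chars_needed(256, 16), "alphanumeric", chars_needed(256, 62))
```

Note that the haystack figure is a brute-force search-space size for the classes an attacker sees, while entropy_bits applies only to a password whose characters were actually drawn at random from that alphabet; a 64-digit hex string carries 4 bits per character, not log2(36).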

gpg, 2013, twofish, security, entropy, privacy, aes256
