Hi, Apologies in advance for my profound ignorance on matters cryptological.
I use an RSA 2048 keypair for encrypting and decrypting files, not to send to anyone, just for backups. I'd like to manage my keys according to the recommendations of NIST SP 800-57. Luckily, I don't actually have to fully comply with it but I'd like to get as close as I can (without spending lots of money). Unfortunately, it seems that NIST SP 800-57 only likes symmetric algorithms for data encryption and it only likes asymmetric algorithms for signing and key-agreement. I think they're expecting quantum computing armageddon making asymmetric algorithms useless. For some dumb reason I think I was hoping that the RSA algorithm wasn't really used to encrypt all the data. I thought it was probably used to encrypt a per-file randomly-generated symmetric key which was then used to encrypt the file (and was encrypted along with the file) because it could be faster. But I think I'm confusing it with network protocols like TLS. Is that what happens with RSA in gpg? [Probably not] If so, how can I tell which symmetric algorithm is used to actually encrypt the data or choose that algorithm? If not, is there a way to make that kind of behaviour happen with gpg? Apparently, NIST SP 800-56B describes an approved method of using RSA for key-agreement but it looks hideous (to the untrained brain) and I'm sure that it's of no use to me. And key-agreement shouldn't be necessary, just a cryptographically random per-file key would probably do as long as the file itself were encrypted using a symmetric algorithm. Mind you, NIST 800-57 only likes symmetric keys for encrypting other keys as well so that probably wouldn't be approved either. Symmetric encryption isn't really an option for automated backups as cron can't be expected to enter a passphrase. The passphrase should only be required to decrypt the files. Thanks in advance for any answers or advice, even if the advice is to give up. :-) I'm not going to stop doing automatic backups just to satisfy NIST's recommendations. cheers, raf _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users