Re: Question about symmetric AES cipher in GnuPG

2019-10-27 Thread Stefan Claas via Gnupg-users 
Damien Goutte-Gattat wrote:

> Hi,
> 
> On Sun, Oct 27, 2019 at 08:25:10PM +0100, Stefan Claas via Gnupg-users wrote:
> >Can you please, or somebody else, explain in laymen terms why this is 
> >so?
> 
> Simply put, gpg and openssl enc don’t use the same file formats.  
> Different formats may encode the same data differently, so you can’t 
> expect the two outputs to be similar or to be of a similar size.
> 
> In GnuPG’s case, the format is the one defined by the RFC 4880 standard 
> [1]. I don’t know what is the format used by OpenSSL, but some of the 
> differences with GnuPG’s format include:
> 
> * GnuPG adds a “Modification Detection Code” to the encrypted data;
> 
> * GnuPG also adds some metadata, including the name of the original 
>   file.
> 
> Those differences alone already explain easily why the file generated by 
> GnuPG is bigger.
> 
> Cheers,
> 
> - Damien
> 
> 
> [1] https://tools.ietf.org/html/rfc4880

Thanks for the explanation! I will then check the RFC to see if I can
find how many bytes the 'Modification Detection Code' and the meta data
consumes.

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
  certified OpenPGP key blocks available on keybase.io/stefan_claas
   

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Question about symmetric AES cipher in GnuPG

2019-10-27 Thread Damien Goutte-Gattat via Gnupg-users 

Hi,

On Sun, Oct 27, 2019 at 08:25:10PM +0100, Stefan Claas via Gnupg-users wrote:
Can you please, or somebody else, explain in laymen terms why this is 
so?


Simply put, gpg and openssl enc don’t use the same file formats.  
Different formats may encode the same data differently, so you can’t 
expect the two outputs to be similar or to be of a similar size.


In GnuPG’s case, the format is the one defined by the RFC 4880 standard 
[1]. I don’t know what is the format used by OpenSSL, but some of the 
differences with GnuPG’s format include:


* GnuPG adds a “Modification Detection Code” to the encrypted data;

* GnuPG also adds some metadata, including the name of the original 
 file.


Those differences alone already explain easily why the file generated by 
GnuPG is bigger.


Cheers,

- Damien


[1] https://tools.ietf.org/html/rfc4880


signature.asc
Description: PGP signature
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Question about symmetric AES cipher in GnuPG

2019-10-27 Thread Stefan Claas via Gnupg-users 
Hi Werner and all,

I was wondering why the binary file size when using symmetric AES
encryption with GnuPG is larger than with other apps, I have tested
so far.

As an example encrypting a text file containing 'Hello World':

gpg --symmetric --cipher-algo AES256 hw.txt gives me a file
size of 87 Bytes.

Doing the same with openssl, for example:

openssl enc -aes-256-cbc -pbkdf2 -in hw.txt -out hw.enc

results in 32 Bytes.

Can you please, or somebody else, explain in laymen terms why this is so?

Regards
Stefan

-- 
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
  certified OpenPGP key blocks available on keybase.io/stefan_claas
   

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: gpg on read-only filesystem

2019-10-27 Thread Fourhundred Thecat 
On 22/10/2019 17.54, Friedhelm Waitzmann wrote:
> A solution for the verify use case: Just read the manual
> ()
> and use “--no-auto-check-trustdb”.

thanks, but using the "--no-auto-check-trustdb" does not help. I still
get the error:

$ gpg --verify --no-auto-check-trustdb file.sig
gpg: assuming signed data in 'file'
gpg: Signature made 2019-10-24T21:33:21 CEST
gpg:using RSA key 88B5AAEE121345AA
gpg: Fatal: can't open '/home/testuser/.gnupg/trustdb.gpg': Operation
not permitted


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users