Re: GPGME question about ciphertext and plaintext sizes
On Wed, 10 May 2023 14:43, Dim Xr said: > I'm far from a security expert, that's why I needed a more > higher level solution for this. But definitely I'll give it a shot. Use DMCrypt under Linux or Veracrypt etc. Disk encryption is a complicated matter and you definitley should have some experience in this area. > Do you know if OpenSSL is suitable for this task? The same as Libgcrypt is. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein openpgp-digital-signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPGME question about ciphertext and plaintext sizes
Thank you Werner. You need to use a low level crypto library > for that (e.g. Libgcrypt) and decide which algorithm, mode and > additional information you use. > OK I'll check it out. Searching on the mailing list responses I came across with Libgcrypt again, but I've read that it is quite low-level library so you have to be some kind of guru to use it. :-) I'm far from a security expert, that's why I needed a more higher level solution for this. But definitely I'll give it a shot. Do you know if OpenSSL is suitable for this task? Dim. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: GPGME question about ciphertext and plaintext sizes
On Tue, 9 May 2023 17:48, Dim Xr said: > same size? Is there any way to have FPE (Format Preserving Encryption) via > GPGME? No. GPGME uses the OpenPGP and S/MIME protocols (gpg and gpgsm) and is not suitable for your task. You need to use a low level crypto library for that (e.g. Libgcrypt) and decide which algorithm, mode and additional information you use. For example it is possible to create an IV or nonce from the block number but there are many security pitfalls. You may want to read some papers about crypto file systems and look at implementations for Linux and *BSD. In GnuPG we have a disk encryption tools (g13) but that takes only care of encrypting the actual symmetric encryption key. Everything else is left to dmcrypt. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein openpgp-digital-signature.asc Description: PGP signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
GPGME question about ciphertext and plaintext sizes
Hello all, I'm currently working on a userspace block device driver. I want to add encryption on it, and that's how I came across GPGME. My question is: is there a way to encrypt a plaintext and get a ciphertext of **exactly** the same size? Is there any way to have FPE (Format Preserving Encryption) via GPGME? >From my research so far, it doesn't seem to exist one. Even symmetric algorithms are using metadata on the ciphertext so the size is always bigger than the corresponding plaintext. All suggestions are welcome! Thanks. ___ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users