Re: Key management for archives

Il 09/06/2017 08:24, Werner Koch ha scritto: > ( gpg --status-fd 1 --show-session-key --max-output 1 \ > -o /dev/null 2>/dev/null FILE || true ) \ >| awk '$1=="[GNUPG:]" && $2=="SESSION_KEY" {print $3}' > The output can then be used with --override-session-key Tks! That's exactly what

Re: Key management for archives

On Tue, 6 Jun 2017 14:39, ndk.cla...@gmail.com said: > Is it possible to "extract" the used session key, so that the requester > just ignores the asymmetric crypto and just uses the symmetric key to > decode the file? Drawbacks? Other ideas? Here is how I would do that: ( gpg --status-fd 1

Re: Key management for archives

Il 06/06/2017 22:40, Konstantin Gribov ha scritto: > In first scheme DEK is never stored in plain text. It used while > encrypting archive and encrypted with gpg (or any other cryptographic > means) and plain text version is removed right after that. There's a big misunderstanding here: the

Re: Key management for archives

On Tue, Jun 6, 2017 at 11:03 PM NdK wrote: > Il 06/06/2017 20:13, Konstantin Gribov ha scritto: > > > I can think of more simpler approach: > > - generate secure random for symmetrical data encryption key (DEK); > > - encrypt that key for authorized users on their public

Re: Key management for archives

Il 06/06/2017 20:13, Konstantin Gribov ha scritto: > I can think of more simpler approach: > - generate secure random for symmetrical data encryption key (DEK); > - encrypt that key for authorized users on their public keys; > - encrypt data itself with something like ChaCha20 or AES in

Re: Key management for archives

Diego, I can think of more simpler approach: - generate secure random for symmetrical data encryption key (DEK); - encrypt that key for authorized users on their public keys; - encrypt data itself with something like ChaCha20 or AES in appropriate mode. In such case you could give end user an