Good to know the details of this process. I don't have a need to distribute data to other users, and simply need to protect some local data and only the person with the key is allowed to decrypt the data. That's the reason I want a symmetric key based solution.
Thanks,
Wei

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joseph Oreste Bruni
Sent: Tuesday, November 14, 2006 4:17 PM
To: gnupg-users@gnupg.org
Subject: Re: how to create a symmetric cipher

When you encrypt to a person's public key you are not using the public key to encrypt the data. First, a random session key is generated and used to encrypt the data using a symmetric cipher. Then only the session key is encrypted using the public key and appended to the file. The recipient uses his private key to decrypt the session key which is then used to decrypt the data via the symmetric cipher. This way you avoid passing symmetric keys in the clear.

If you are looking to build a custom solution, you might be better off looking at the OpenSSL crypto API.

Joe

On Nov 14, 2006, at 3:04 PM, Wei Wu [H] wrote:

> Thank you. As I said in my other posts, I don't want to use passphrase based
> encryption, and am looking for key based solution.
>
> Also I don't need a private/public key-pair based solution as symmetric key
> is more efficient.
>
> Regards,
> WW
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:gnupg-users-[EMAIL PROTECTED]
> On Behalf Of Joseph Oreste Bruni
> Sent: Tuesday, November 14, 2006 3:41 PM
> To: gnupg-users@gnupg.org
> Subject: Re: how to create a symmetric cipher
>
> gpg --symmetric --encrypt
>
> The default is CAST5, but you can specify the algorithm using --cipher-algo
>
> -Joe
>
> On Nov 14, 2006, at 12:52 PM, Wei Wu [H] wrote:
>
>> Hi there,
>>
>> I want to create a symmetric cipher such as AES to encrypt some data, and
>> think gpg (GnuPG Version 1.4.2.1) may do this. But I found it gives only
>> three options, none is symmetric. I would appreciate if anyone can point me
>> to another or way to do it?
>>
>> Regards,
>> WW
>>
>> gpg --gen-key
>> (1) DSA and Elgamal (default)
>> (2) DSA (sign only)
>> (5) RSA (sign only)
>>
>> _______________________________________________
>> Gnupg-users mailing list
>> Gnupg-users@gnupg.org
>> http://lists.gnupg.org/mailman/listinfo/gnupg-users
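The session-key scheme described in Joe's reply above, as an added shell example using the `openssl` command line (not code from the thread or from GnuPG). The function names, file names and sample plaintext are constructed, and it assumes an `openssl` binary providing `genpkey` and `pkeyutl`; step 2 on its own is raw-key symmetric encryption with no passphrase.

```shell
#!/bin/sh
# Added example: hybrid encryption with a random session key (names are hypothetical).
# Note: CBC here gives confidentiality only; it does not detect tampering.

hybrid_encrypt() {  # usage: hybrid_encrypt <recipient_pub.pem> <infile> <outdir>
    pub=$1; src=$2; dst=$3
    mkdir -p "$dst" || return 1
    # 1. Random 256-bit session key and 128-bit IV, hex-encoded.
    key=$(openssl rand -hex 32) || return 1
    iv=$(openssl rand -hex 16) || return 1
    # 2. Bulk data goes through the symmetric cipher under the raw key
    #    (-K/-iv bypass the passphrase-to-key derivation entirely).
    openssl enc -aes-256-cbc -K "$key" -iv "$iv" \
        -in "$src" -out "$dst/data.enc" || return 1
    # 3. Only the session key is encrypted with the recipient's public key.
    printf '%s' "$key" | openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$dst/key.enc" || return 1
    # The IV is not secret and travels in the clear next to the ciphertext.
    printf '%s' "$iv" > "$dst/iv.hex"
}

hybrid_decrypt() {  # usage: hybrid_decrypt <recipient_priv.pem> <indir> <outfile>
    priv=$1; src=$2; dst=$3
    # The private key recovers the session key ...
    key=$(openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$src/key.enc") || return 1
    iv=$(cat "$src/iv.hex") || return 1
    # ... which then decrypts the data via the symmetric cipher.
    openssl enc -d -aes-256-cbc -K "$key" -iv "$iv" \
        -in "$src/data.enc" -out "$dst"
}

demo() {  # round trip on a constructed sample file; returns 0 on success
    work=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/priv.pem" 2>/dev/null || return 1
    openssl pkey -in "$work/priv.pem" -pubout -out "$work/pub.pem" || return 1
    printf 'constructed sample plaintext\n' > "$work/plain.txt"
    hybrid_encrypt "$work/pub.pem" "$work/plain.txt" "$work/msg" &&
        hybrid_decrypt "$work/priv.pem" "$work/msg" "$work/out.txt" &&
        cmp -s "$work/plain.txt" "$work/out.txt"
    rc=$?
    rm -rf "$work"
    return $rc
}
```

Run `demo` after sourcing the file to see the round trip succeed; anyone holding only `pub.pem` can encrypt, but never handles a long-term symmetric key.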