Short answer: No. This would be a form of a (partially) known plaintext attack. Semantically secure ciphers are safe against this attack and it is not possible to extract information on the key. To be precise, you may of course be able guess a lot in the plaintext domain: "Edward Snowden is a %&@ยต" does leak further information and could easily be "fully deciphered". But this has nothing to do with cryptography.
However, in plain CBC ore counter mode(CTR) for the symmetric encryption it would be possible to change the blocks of known content against content of your liking. This is especially easy and undetectable to the recipient for CTR-mode(just XOR it out). In CBC mode it is more complicated and you would usually mess up some other parts of the decrypted message to unreadable gobbledonk. That is why you need special provisions to protect the authenticity of the cipher in transit if you are using symmetric cryptography only. In this case knowledge of the shared symmetric key is sort of proof that you are a legitimate sender. I don't know how gpg does it, in academic signature I use an hmac to protect solely symmetrically enciphered messages. There are standardized modes you might use to achieve that e.g. EAX or CCM. In an asymmetrically enciphered message it makes sense only to use digital signatures to protect the message or cipher(as opposed to the EAX, CCM or other symmetrically authenticated modes). Here the symmetric key is created on the fly for just this message and knowledge of the symmetric key alone would be no proof of anything other than that the sender is the sender. If you have a shaky system that might get disrupted by feeding it maliciously crafted information, it would make sense to asymmetrically sign the cipher and only decrypt if the signature is valid. Generally it is logically more sound to sign the content and then symmetrically encipher content and signature. Again I don't know how gpg does it. May be someone knowing the gpg internals might supply the information. Some people may disagree on the content of this last paragraph regarding usefullness of authenticated symmetric encryption in combination with asymmetric cryptography. There is even a proposed standard "ECIES" which combines asymmetric cryptography with symmetrically authenticated ciphers. I do not consider ECIES to be logically sound. If you are interested in this topic, you may have fun listening into Dan Bonehs great lectures on cryptography in coursera (for free). https://www.coursera.org/courses?orderby=upcoming&search=cryptography regards Michael Anders _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
