On 12/19/2014 6:05 AM, Haritwal, Dhiraj wrote:
> One more thing, this time when I encrypt the file with my private key
> (without sign & only with armor switch), it's still asking for a passphrase
> to decrypt it even on my same server. That means it's still using
> the passphrase to encrypt the file. Is it set somewhere by default in
> the GnuPG config?

I assume that you mean that you encrypted the file using your own public key. If so, it's normal for GnuPG to prompt you for your passphrase when you decrypt the file: the private key is needed to decrypt the file, and the passphrase is used to unlock the private key so it can be used.

When you're using symmetric encryption mode, the passphrase is used to encrypt and decrypt the file.

When used with public/private keys, the passphrase is not used at all to encrypt the file. The file is encrypted using the recipient's *public* key[1] and sent to the recipient. The recipient uses their passphrase to unlock their *private* key, which is used to decrypt the file.

Public-key crypto is somewhat of a black art, and there are many aspects that can be quite confusing. You might find the "Art of the Problem" video series on cryptography[3] to be interesting. Mozilla also has an introduction to cryptography[4] which might also help clarify things. While it focuses on the use of cryptography in a general web browser-server system, many of the concepts apply to GnuPG.

Cheers!
-Pete

[1] This is a somewhat simplified explanation. In actuality, the file is encrypted using a randomly-generated session key and a symmetric cipher like AES, and the session key is encrypted using the recipient's public key. This "hybrid cryptosystem"[2] has several advantages over encrypting the whole file using the recipient's public key.

[2] https://en.wikipedia.org/wiki/Hybrid_cryptosystem
[3] https://www.youtube.com/playlist?list=PLB4D701646DAF0817
[4] https://developer.mozilla.org/en-US/docs/Introduction_to_Public-Key_Cryptography

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
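
The roles described in the reply above (public key to encrypt, passphrase only to unlock the private key, session key for the file itself) can be seen in a small model. This is an added example, not part of the original message and not GnuPG code; it assumes toy stand-ins (textbook RSA on fixed primes, a SHA-256 keystream in place of AES, PBKDF2 in place of GnuPG's passphrase handling), and every function name is hypothetical.

```python
import hashlib
import secrets

# Toy stand-ins (assumptions, NOT GnuPG's algorithms and NOT secure):
# textbook RSA on two fixed Mersenne primes, SHA-256 keystream instead of AES.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                               # public modulus: all a sender needs
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent: kept locked on disk

def stream_xor(key, data):
    """XOR data with a SHA-256(key || offset) keystream; same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def kdf(passphrase, salt):
    """Stretch the passphrase into a key that protects the private key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

def lock_private_key(passphrase):
    """Keyring side: store the private exponent encrypted under the passphrase."""
    salt = secrets.token_bytes(16)
    blob = b"KEY:" + D.to_bytes(96, "big")  # marker reveals a wrong passphrase
    return salt, stream_xor(kdf(passphrase, salt), blob)

def unlock_private_key(locked, passphrase):
    salt, ciphertext = locked
    blob = stream_xor(kdf(passphrase, salt), ciphertext)
    if not blob.startswith(b"KEY:"):
        raise ValueError("bad passphrase: private key stays locked")
    return int.from_bytes(blob[4:], "big")

def encrypt_to(public_n, plaintext):
    """Sender side: public key only. No passphrase appears anywhere here."""
    session_key = secrets.token_bytes(32)           # random, per message
    wrapped = pow(int.from_bytes(session_key, "big"), E, public_n)
    return wrapped, stream_xor(session_key, plaintext)

def decrypt(locked, passphrase, message):
    """Recipient side: passphrase -> private key -> session key -> file."""
    wrapped, body = message
    d = unlock_private_key(locked, passphrase)      # the only passphrase use
    session_key = pow(wrapped, d, N).to_bytes(32, "big")
    return stream_xor(session_key, body)
```
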