On 3/10/2015 at 4:19 PM, "Maricel Gregoraschko" <maricelgregorasc...@yahoo.com> wrote:
>I agree, using key instead of passphrase doesn't enhance security >(assuming an attacker knows that the key was derived from a >passphrase and with what key derivation algorithm? I assume the >randomness/entropy of the key itself is high enough regardless of >the passphrase strength?). The reason I was asking if it's a >possibility to store the symmetric key to decrypt with later, was >to protect against future changes in the key derivation algorithm, >that would make gpg generate a different key for the same >passphrase, useless to decrypt previously encrypted data.Thank you >for your support. ----- If you don't want to keep your passsphrase, and want only to keep the session key, and you want this to have no weakness because of a questionably strong enough password that was used to generate the key, then there is an easy way to do what you want: [1] Encrypt a test message to any of your own keys. [2] Decrypt this test message, with the option of --show-session-key [3] Use this session key as the 64 character password for your symmetric encryption, (and save it, or you won't be able to decrypt the symmetric message). [4] Decrypt your symmetrically encrypted file or message, using the option of --show-session-key [5] Save this session key, and if you wish, you can destroy the first one. (you can always get it back by decrypting your message of step [1] ). The string-to-key part of generating the session key for the symmetrically encrypted message, will be using a random 64 character GnuPG generated session key as it's password. You can't find a better password (especially even one that you don't have to remember ;-) ) vedaal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
