If I understand it correctly, --override-session-key does not allow me to set the session key before encryption. It allows me to set the session key when decrypting, so I can do it without using the private key. The option is used to reveal the content of messages without revealing the private key.
See: http://security.stackexchange.com/questions/115231/how-to-decrypt-a-message-using-only-session-key

But following this approach, I would need to be able to change the session key before encryption. So I think this does not solve the problem yet. Am I right? Any other ideas?

Kind regards,
Erik

Neal H. Walfield:
> On Sun, 10 Apr 2016 12:56:09 +0200,
> Erik Nellessen wrote:
>> No, this is not about encrypting large amounts of data with asymmetric
>> encryption. ;) It is about encrypting and decrypting small strings, which
>> are still way smaller than the public/private key. So I guess this could be
>> possible using the interfaces for encrypting/decrypting a data encryption
>> key. What is the best way in OpenPGP to encrypt/decrypt small strings using
>> asymmetric encryption/decryption directly?
>
> You can extract the session key using --show-session-key and set the
> session key using --override-session-key
>
>   $ echo | gpg2 --no-options -c | gpg2 --show-session-key -d
>   gpg: session key: '7:7BF4443B3652BD25CEC2BA641135AC58'
>
> The format of the session key is algorithm id and the hex-encoded
> data.
>
> The created message has the following form:
>
>   echo | gpg2 --no-options -c | gpg2 --list-packets
>   # off=0 ctb=8c tag=3 hlen=2 plen=13
>   :symkey enc packet: version 4, cipher 7, s2k 3, hash 2
>       salt 6E31D6F821C697BD, count 24117248 (231)
>   # off=15 ctb=d2 tag=18 hlen=2 plen=54 new-ctb
>   :encrypted data packet:
>       length: 54
>       mdc_method: 2
>   # off=36 ctb=a3 tag=8 hlen=1 plen=0 indeterminate
>   :compressed packet: algo=1
>   # off=38 ctb=cb tag=11 hlen=2 plen=7 new-ctb
>   :literal data packet:
>       mode b (62), created 1460360139, name="",
>       raw data: 1 bytes
>
> That is, it has an SK-ESK packet and a symmetrically encrypted packet.
> You just want the SK-ESK, which should be relatively straightforward
> to extract. Unfortunately, IIRC, if GnuPG doesn't have an encrypted
> body, it won't show the session key when --show-session-key is used.
> But, this can be changed relatively easily.
>
> A more fundamental problem is that GnuPG will warn (or perhaps error
> out?) if the provided session key is weak.
>
> Good luck!
>
> :) Neal
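Added example, not part of the original thread and not GnuPG code: a small Python packet walker that decodes the header bytes shown in the --list-packets output above (per RFC 4880) and pulls the SK-ESK packet out of a message. The function names and the sample bytes are assumptions made for illustration; the SK-ESK bytes are rebuilt from the fields in the listing and the encrypted body is a zero-filled placeholder.

```python
# Added example (not from the thread): walk OpenPGP packet headers (RFC 4880, 4.2).
SK_ESK = 3  # tag of the symmetric-key encrypted session key packet

def parse_header(buf, off=0):
    """Return (tag, header_len, body_len); body_len is None when indeterminate."""
    ctb = buf[off]
    if not ctb & 0x80:
        raise ValueError("not a packet header: bit 7 of the CTB is clear")
    if ctb & 0x40:  # new format, tag in bits 5-0
        tag, first = ctb & 0x3F, buf[off + 1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + buf[off + 2] + 192
        if first == 255:
            return tag, 6, int.from_bytes(buf[off + 2:off + 6], "big")
        raise ValueError("partial body lengths are outside this example")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old format
    if ltype == 3:
        return tag, 1, None
    n = 1 << ltype  # 1, 2 or 4 length octets
    return tag, 1 + n, int.from_bytes(buf[off + 1:off + 1 + n], "big")

def packets(buf):
    """Yield (offset, tag, raw_packet) for each top-level packet."""
    off = 0
    while off < len(buf):
        tag, hlen, plen = parse_header(buf, off)
        end = len(buf) if plen is None else off + hlen + plen
        if end > len(buf):
            raise ValueError("truncated packet at offset %d" % off)
        yield off, tag, buf[off:end]
        off = end

def extract_sk_esk(buf):
    """Return the raw bytes of the first SK-ESK packet, or None."""
    return next((raw for _, tag, raw in packets(buf) if tag == SK_ESK), None)

def describe_sk_esk(raw):
    """Decode a version 4 SK-ESK that uses an iterated and salted S2K (type 3)."""
    body = raw[parse_header(raw)[1]:]
    version, cipher, s2k, hash_algo = body[:4]
    if version != 4 or s2k != 3 or len(body) < 13:
        raise ValueError("unexpected SK-ESK layout")
    c = body[12]  # coded iteration count
    return {"cipher": cipher, "hash": hash_algo, "salt": body[4:12].hex().upper(),
            "count": (16 + (c & 15)) << ((c >> 4) + 6), "coded": c}

# Constructed sample: SK-ESK rebuilt from the listed fields, then a tag 18
# header with 54 zero bytes standing in for the encrypted body.
SAMPLE = bytes.fromhex("8c0d040703026e31d6f821c697bde7") + bytes([0xD2, 54]) + bytes(54)

if __name__ == "__main__":
    print(describe_sk_esk(extract_sk_esk(SAMPLE)))
```

The coded count byte 231 decodes to 24117248, matching the "count 24117248 (231)" line in the listing.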