[openssl-users] OpenSSL vs GPG for encrypting files? Security best practices?

[Bear Giles]

> I'm considering encrypting a tar archive and optionally a block file
system (via FUSE) using either utility

Linux has good support for encrypted filesystems. Google LUKS. Most (all?)
distros allow you to install on an encrypted filesystem and with a little
bit of research you can have encrypted external drives and thumb drives. If
you dig into /etc/crypttab and udevadm you can even have encrypted drives
automount as long as LUKS already has your passphrase. (E.g., I'm a bad
bear because I used the same passphrase on my laptop and my thumb drives.)
It's not limited to passphrases - you could use a hardware device like
digikey or a file containing the secret key.

> I am also curious to why GPG is used for file based encryption when only
a single key is required.

As I recall PGP always uses a random session key* for the actual
encryption. with N copies of the key encrypted using a PBE passphrase, a
public key in the keyring, etc. That's how multiple people can decrypt a
file even though they don't share any keys. The data itself is chunked into
blocks and each block uses the same key but a different random salt.

I don't recall if also it prepends or appends random data. That's a common
counter to known-text attacks like knowing that a zip file always starts
with the same few bytes.

(* Well, "session key" when it's data-in-flight. I don't remember the term
when it's data-at-rest.)

BTW a tar file starts with the name of the first entry. The 'magic numbers'
are at offset 128 or so. However a compressed tar file will start with a
known value since gzip, b2zip, and 7zip?, all start with their magic values.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181103/3f7a2b17/attachment.html>