Reputation: 395
Encrypt with GPG without adding stuff to the encrypted file?
$ echo "helloworld" > text.txt
$ cat text.txt
helloworld
$ gpg --cipher-algo AES256 --symmetric --armor text.txt
gpg: gpg-agent is not available in this session
$ ls
text.txt text.txt.asc
$ cat text.txt.asc
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1
jA0ECQMCnGyzh+mRmpBg0kgBfcqLbdAhLc+xwZDta3/kudi/f6MmjXUzFUbNFr3H
IoXgqzjRqbeNESHd+nFSTxHQc8tXF80vXMdDzTy3HmD6ZWk3BvVx5Vo=
=EviP
-----END PGP MESSAGE-----
So, how can I avoid adding GPG stuff? I want only the encrypted bytes.
As AES256 is symmetric, I'd like to do something like this:
1. Apply AES with keyA to "file_original.txt" and produce "file_keyA.txt"
2. Apply AES with keyB to "file_keyA.txt" and get "file_keyA_keyB.txt"
3. Apply AES with keyA to "file_keyA_keyB.txt" and get "file_keyB.txt"
4. Apply AES with keyB to "file_keyB" and get "file_original.txt"
So, if I'm A, and want to send "sometext" to my friend B:
- I send "sometext" encrypted with GPG with keyA to my friend.
- He send back to me his text encrypted with his keyB too.
- I decrypt with my keyA and send back to him.
- He should apply keyB and get "sometext".
It should be possible if I use gpg with AES and my friend another software or another symmetric algorithm without knowing my keyA. But it's only possible if gpg (or his software) doesn't add stuff to the encrypted file. I want to apply only the algorithm AES, so I can encrypt multiple times with the same key and get the original.
Upvotes: 0
Views: 1530
Answers (2)
Reputation: 631
If you're looking to send an encrypted message to your friend with gpg, without sharing a passphrase that'd be used to decrypt the message, then you probably want to use asymmetric encryption. To do this, you and your friend will each need to generate PGP keys with
gpg --gen-key
then exchange your public keys
gpg -a --export "mykey" > mykey.pub
<trade mykey.pub files>
gpg --import theirkey.pub
then prepare your message for transmission
gpg -e -a -u "my key" -r "their key" --sign -o somefile.txt.gpg somefile.txt
after your friend has the message they'll need to decrypt it with
gpg -d -o somefile.txt somefile.txt.gpg
and they've got the message. GnuPG will generate a strong key, use that key to encrypt the message, then use your friend's key to encrypt that key and attach it to the file. It'll also use your private key to sign the file so your friend can be (reasonably) sure it wasn't tampered with in transit. In this example you can use
gpg --list-keys <or gpg -k>
to find their key handle (it's the bit after "rsa4096/" and before the creation date) to use in the quotes in the -r "their key" part, and
gpg --list-secret-keys <or gpg -K>
to find the handle of your key, to use in the -u "my key" part.
If you're really looking to use symmetric encryption and share a passphrase with your friend, then I'd also recommend openssl, like @pchris suggested.
Upvotes: 1
Reputation: 35
Probably you want to use openssl instead of gnupg. For example:
openssl enc -aes128 -salt -in yyy -out yyy.enc
More information at the manpage: https://www.openssl.org/docs/man1.0.2/apps/enc.html
Upvotes: 2
Related Questions
- How to encrypt a string without writing it to a file
- GnuPG - How to edit the file without decrypt and save to local disk first?
- decrypt encrypted gpg file using external secret key
- Signing and Encrypting file via GnuPG encryption
- how to encrypt a file using private key in gpg
- GnuPG: How to encrypt/decrypt files using a certain key?
- Decrypt file using GnuPG
- gnupg - need to be able to decrypt, without being able to encrypt
- Writing gpg decrypted file to a specified outfile
- GPG decrypts file with no content/as empty file