Endpoint Encryption

 View Only

  • 1.  How to make sure encryption chiper type

    Posted Aug 13, 2014 10:21 AM

    Hi all, I used PGP Command line to encrypt some file. But i don't know exactly what the chiper type of my encrypted file.

    It is true, if I set the chiper preferred first before i encrypt file. the result of encrypted file are using the last chiper which i set before i encrypt?

    Because, For the case like i set the chiper 3des before i encrypt file, and after that i encrypt the file, so the result are using 3des algorithm right?

    After that i want to test decrypt using aes-128, so i set the chiper aes-128 before decrypting process. But, why pgp still can decrypt the 3des encrypted file in other hand the key already set into aes128?

    Anyone can give me some advice please?

     

    Thank's.



  • 2.  RE: How to make sure encryption chiper type

    Posted Aug 13, 2014 11:45 AM

    You can have more than 1 cipher on a key.  You use the following command to add a cipher to a key:

    pgp --add-perferred-cipher <user> --cipher <cipher> --passphrase <pass>

    same with --remove-preferred-cipher.

    You can see which ciphers are on your key by doing pgp --list-key-details UsernameHere



  • 3.  RE: How to make sure encryption chiper type

    Posted Aug 13, 2014 11:22 PM

    Hi alex,

    my next question, If I encrypt file using chiper A and I Decrypt it using chiper B it is possible?



  • 4.  RE: How to make sure encryption chiper type

    Posted Aug 14, 2014 05:56 AM

    If the ciphers have been added to both keys, then yes.  But if i encrypt a file using 3DES and the recipient only has AES-256 as its available cipher, it wont be able to understand how its encrypted. 

    To be honest, I would only bother with AES-256.  AES-128 is far too weak nowadays as it can be brute forced relatively quickly.



  • 5.  RE: How to make sure encryption chiper type

    Broadcom Employee
    Posted Aug 22, 2014 05:52 AM

    Hi Aryaga,

    Looks like this is somehow a continuity of the following thread (just for all interested who will visit this forum thread )

    https://www-secure.symantec.com/connect/forums/its-possible-decrypt-file-using-different-cipher

     

     



  • 6.  RE: How to make sure encryption chiper type

    Posted Aug 22, 2014 02:36 PM

    I want to repeat something I posted on your previous thread:

    I think the important thing to recognize here is that you are setting a preferred cipher, not eliminating the other ciphers from the key.  Thus the key can decrypt because it has that cipher available, no matter which is set as preferred.

    Don't get hung up on preferred ciphers during decryption.  There is no such thing.  The keys still have all of the ciphers available, they are just not preferred, and again, that setting only applies to encryption.