Endpoint Encryption

  • 1.  Is It Possible to Decrypt a File Using a Different Cipher?

    Posted Aug 13, 2014 11:40 PM

    Hi all,

    Is it possible, if I encrypt a file with the preferred cipher set to 3des, to decrypt it with the preferred cipher set to aes192 on the same key?

    Thank you.



  • 2.  RE: Is It Possible to Decrypt a File Using a Different Cipher?

    Broadcom Employee
    Posted Aug 14, 2014 07:38 AM

    Hi, Aryaga

    I did not test the encryption/decryption process using different ciphers, but because these are the available ciphers as per the PGP Command Line guide:

     

    • idea (IDEA cipher)
    • 3des (3DES cipher)   <--- yours
    • cast5 (CAST5 cipher)
    • blowfish (Blowfish cipher)
    • aes128 (AES128 cipher)
    • aes192 (AES192 cipher)     <--- yours
    • aes256 (AES256 cipher)
    • twofish (Twofish 256 cipher)

     

    and with --set-preferred-ciphers you can specify which ciphers should be used, giving them a priority, for example for a specific key:

    pgp --set-preferred-ciphers 0x12345678 --passphrase "bicycling#is*fun" --aes192 1 --3des 2

    so we should be able to encrypt with aes192 and decrypt with 3des.

    PGP Command Line 10.3.0 User's Guide
    http://www.symantec.com/docs/DOC6232

    HTH



  • 3.  RE: Is It Possible to Decrypt a File Using a Different Cipher?
    Best Answer

    Broadcom Employee
    Posted Aug 14, 2014 10:45 AM

    Hi, Aryaga

    In fact, I ran a quick test. I don't see the verbose command showing which type of cipher is used during the decryption process at all (no matter whether the encryption is symmetric or public-key encryption). This is only shown while encrypting.

    Have a look:

    1. Generate a key

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --gen-key "testciphter testcipher@ag.dom" --key-type rsa --encryption-bits 2048 --passphrase "plokij5%"

    2. List key

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --list-keys
     Alg  Type Size/Type Flags   Key ID     User ID
    ----- ---- --------- ------- ---------- -------
     RSA4 pair 2048/2048 [VI---] 0x1A78013D user3 <user3@ag.dom>
    *RSA4 pair 2048/2048 [VI---] 0x82A87174 testciphter testcipher@ag.dom
    2 keys found

    3. Set preferred cipher  (3des priority/order 1, aes192 priority/order 2)

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --set-preferred-ciphers 0x82A87174 --passphrase "plokij5%" --3des 1 --aes192 2
    0x82A87174:set preferred ciphers (0:preferred ciphers updated)

    4. List key details for 0x82A87174

     

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --list-key-details 0x82A87174
    Key Details: testciphter testcipher@ag.dom
         Key ID: 0x82A87174 (0x1C1A607F82A87174)
           Type: RSA (v4) key pair
           Size: 2048
       Validity: Complete
          Trust: Implicit (Axiomatic)
        Created: 2014-08-14
        Expires: Never
         Status: Active
         Cipher: TripleDES
         Cipher: AES-192

           Hash: SHA-256
           Hash: SHA-512
       Compress: ZLIB
          Photo: No
      Revocable: Yes
    ....
    ....
    ....

    5. Encrypt file with 3des (symmetric encryption)

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp -c test_file.txt --symmetric-passphrase "plokij5%" --cipher 3des -v

    pgp:encrypt (3157:current local time 2014-08-14T15:59:31+02:00)
    test_file.txt:encrypt (3048:data encrypted with cipher TripleDES)
    Encoding test_file.txt... 100% (⸥昱猥)
    Wiping file pgp-2568-0.tmp... 100%
    pgp-2568-0.tmp:encrypt (0:file wiped successfully)
    test_file.txt:encrypt (3083:could not create output file test_file.txt.pgp)

    6. Changed the preferred cipher order to --aes192 1 --3des 2 (the reason being that, while decrypting, I have not seen which cipher is in fact used with the verbose command)

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --set-preferred-ciphers 0x82A87174 --passphrase "plokij5%" --aes192 1 --3des 2
    0x82A87174:set preferred ciphers (0:preferred ciphers updated)

    7. List key details again to check the cipher order

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --list-key-details 0x82A87174
    Key Details: testciphter testcipher@ag.dom
         Key ID: 0x82A87174 (0x1C1A607F82A87174)
           Type: RSA (v4) key pair
           Size: 2048
       Validity: Complete
          Trust: Implicit (Axiomatic)
        Created: 2014-08-14
        Expires: Never
         Status: Active
         Cipher: AES-192
         Cipher: TripleDES

           Hash: SHA-256
           Hash: SHA-512
       Compress: ZLIB
          Photo: No
      Revocable: Yes
          Token: No
      Keyserver: Absent
        Default: Yes
    ...
    ...
    ....

    8. Decrypt the file (symmetric decryption): no information at all about the type of cipher.

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --decrypt test_file.txt.pgp --symmetric-passphrase "plokij5%" --overwrite remove -v

    pgp:decrypt (3157:current local time 2014-08-14T16:23:12+02:00)
    Decoding file test_file.txt.pgp... 100% (甥猥)
    test_file.txt.pgp:decrypt (0:output file test_file.txt)
     

    So based on this test I can state that decryption is done via the preferred aes192 cipher. I can also set the preferred cipher to only one cipher, aes192, and run decryption, which will work as well:

    9. Change to only one cipher --aes192 1

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --set-preferred-ciphers 0x82A87174 --passphrase "plokij5%" --aes192 1
    0x82A87174:set preferred ciphers (0:preferred ciphers updated)

    10. List key - one cipher only:

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --list-key-details 0x82A87174
    Key Details: testciphter testcipher@ag.dom
         Key ID: 0x82A87174 (0x1C1A607F82A87174)
           Type: RSA (v4) key pair
           Size: 2048
       Validity: Complete
          Trust: Implicit (Axiomatic)
        Created: 2014-08-14
        Expires: Never
         Status: Active
         Cipher: AES-192
           Hash: SHA-256
           Hash: SHA-512
       Compress: ZLIB
          Photo: No
      Revocable: Yes
          Token: No
      Keyserver: Absent
        Default: Yes
        Wrapper: No
     Prop Flags: Sign user IDs

    ....
    ....
    ...

    11. Decrypt again

    C:\Program Files (x86)\PGP Corporation\PGP Command Line>pgp --decrypt test_file.txt.pgp --symmetric-passphrase "plokij5%" --overwrite remove --v
    pgp:decrypt (3157:current local time 2014-08-14T16:42:38+02:00)
    Decoding file test_file.txt.pgp... 100% (甥猥)
    test_file.txt.pgp:decrypt (0:output file test_file.txt)

     

    So it looks like it is working, but I don't see a way to verify and force the use of cipher 2 during decryption (unless I need to check the PGP Command Line syntax in more detail).

    HTH



  • 4.  RE: Is It Possible to Decrypt a File Using a Different Cipher?

    Posted Aug 14, 2014 12:21 PM

    I think the important thing to recognize here is that you are setting a preferred cipher, not eliminating the other ciphers from the key.  Thus the key can decrypt because it has that cipher available, no matter which is set as preferred.

    It would be like sending a message in Spanish to someone that speaks German.  Unless the German-speaker can also speak Spanish (even though it is not his first/preferred language), he would not be able to decipher the message.

    It does not matter what the preferred cipher is for decryption as long as the key still understands the other ciphers.
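
Added example, not part of the original thread and not Broadcom code: in the OpenPGP format (RFC 4880) a passphrase-encrypted message starts with a Symmetric-Key Encrypted Session Key packet that records the cipher's algorithm ID, so the cipher can be read from the file itself rather than from the decrypt output. The sketch assumes a binary (non-armored) file; `read_header`, `message_cipher` and the sample bytes are illustrative names and constructed data.

```python
"""Report the cipher recorded in a passphrase-encrypted OpenPGP file."""
# Symmetric algorithm IDs from RFC 4880, section 9.2.
CIPHERS = {1: "IDEA", 2: "TripleDES", 3: "CAST5", 4: "Blowfish",
           7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish"}
SKESK_TAG = 3  # Symmetric-Key Encrypted Session Key packet


def read_header(data):
    """Return (tag, body_offset, body_length) for the first packet."""
    if len(data) < 6 or not data[0] & 0x80:
        raise ValueError("not a binary OpenPGP packet (ASCII-armored?)")
    first = data[0]
    if first & 0x40:                      # new-format header
        tag, o1 = first & 0x3F, data[1]
        if o1 < 192:
            return tag, 2, o1
        if o1 < 224:
            return tag, 3, ((o1 - 192) << 8) + data[2] + 192
        if o1 == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body length not expected here")
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not expected here")
    size = 1 << ltype                     # 1, 2 or 4 length octets
    return tag, 1 + size, int.from_bytes(data[1:1 + size], "big")


def message_cipher(data):
    """Name the cipher stored in the leading SKESK packet."""
    tag, offset, length = read_header(data)
    if tag != SKESK_TAG:
        raise ValueError(f"first packet is tag {tag}, not a SKESK packet")
    body = data[offset:offset + length]
    if len(body) < 2 or body[0] != 4:
        raise ValueError("unsupported SKESK version")
    return CIPHERS.get(body[1], f"unknown ({body[1]})")


# Constructed samples: version 4, cipher ID, iterated+salted S2K (SHA-1).
S2K = bytes([3, 2]) + bytes(range(8)) + bytes([0x60])
SAMPLE_3DES = bytes([0x8C, 0x0D, 4, 2]) + S2K     # old-format header
SAMPLE_AES192 = bytes([0xC3, 0x0D, 4, 8]) + S2K   # new-format header

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, message_cipher(fh.read(64)))
```

Run against a file such as test_file.txt.pgp, it prints the cipher stored in the message regardless of how the key's preferred-cipher list is ordered at decryption time.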



  • 5.  RE: Is It Possible to Decrypt a File Using a Different Cipher?

    Posted Aug 14, 2014 01:43 PM

    Hi all, thank you for your solution.