Pgp

[Gros]

Hi all. Anyone here with decent PGP experience?

I have a version on my home PC. I want to use it to simply protect my own files, rather than for the purpose of sharing files with another user (which is its intended use in most cases, sending sensitive data over a network for example).

My version on windows has a facility whereby if you right click the file, select PGP -> Encrypt with passphrase, I simply enter my secret phrase and the PGP file is created. However, I haven't created any private or public keys - it seems I don't need to for this simple purpose - even though it complains that it can't find any master keys, the operation still completes successfully.

What I can't be sure of, however, is if some time in the future I install PGP on another machine, then try and unpack my PGP files using my secret phrase, will this definitely work?

The only way I can really be sure I suppose, is to experiment with someone who has PGP installed elsewhere. I could zip up a simple text file, send it over with the passphrase, and see if it can be read by my helper.

Any takers on this, or advice? Cheers.

[NoddY]

Quote:

Originally Posted by Gros

Hi all. Anyone here with decent PGP experience?

I have a version on my home PC. I want to use it to simply protect my own files, rather than for the purpose of sharing files with another user (which is its intended use in most cases, sending sensitive data over a network for example).

My version on windows has a facility whereby if you right click the file, select PGP -> Encrypt with passphrase, I simply enter my secret phrase and the PGP file is created. However, I haven't created any private or public keys - it seems I don't need to for this simple purpose - even though it complains that it can't find any master keys, the operation still completes successfully.

What I can't be sure of, however, is if some time in the future I install PGP on another machine, then try and unpack my PGP files using my secret phrase, will this definitely work?

The only way I can really be sure I suppose, is to experiment with someone who has PGP installed elsewhere. I could zip up a simple text file, send it over with the passphrase, and see if it can be read by my helper.

Any takers on this, or advice? Cheers.

If you haven't generated any keys then the 'key' is the pass phase; this is called symmetric encryption. As long as another machine supports the same cipher then any attempted decryptions should prompt for a pass phrase.

Resistance to attacks is dependent upon the strength of the pass phrase.

A simple test is to encrypt 1 file with one pass phrase and another file with a different pass phrase and conversely decrypt them. Then you can be certain your software is not prompting for access to cryptographic keys.

[TimberWolf]

Quote:

Originally Posted by Gros

Hi all. Anyone here with decent PGP experience?

I've used PGP a fair bit in the past, but my memory of it is fading now. As PGP is OpenPGP compliant, you should be able to decrypt files using GNUPG, and various programming languages (e.g. Java), assuming you aren't using a proprietary encryption algorithm (PGP may have defaulted to one of those in the past).

[xchaotic]

You should try TrueCrypt instead [1] for files and possibly clipperz [2] for web logins etc.
Much more polished solutions, cross-platform compatibility, possibly better cyphers to choose from, traveller mode on a usb stick and all this free and open source that you could and should compile yourself.
Just remember to back up the data and the headers in Truecrypt and make an offline copy for clipperz.

Write down the password and store it in a physical safe perhaps?

[1] http://www.truecrypt.org/
[2] http://www.clipperz.com/


Lech