In addition to public key encryption, GPG can also be used to password encrypt files. This doesn’t use public/private key encryption but uses symmetric key ciphers like AES or CAST. This can be useful when you simply need to use a shared secret to encrypt or decrypt a file or if you are encrypting a file to yourself for safekeeping.
OpenSSL is cool and all but don’t use it to encrypt information in-situ. It’s a bad idea. OpenSSL is good for generating TLS certificates. It wasn’t intended for file encryption.
To encrypt a file named
$ gpg -c message.txt
This will give you a file called
message.txt.gpg. If you do a
file on this file, it would show you what kind of cipher it has been encrypted with.
$ file message.txt.gpg message.txt.gpg: GPG symmetrically encrypted data (CAST5 cipher)
To decrypt it, simply do:
$ gpg message.txt.gpg Enter passphrase:
You should have noted that the default cipher is CAST5 (no known attacks). But if you need to choose a different cipher, you can do so using the
--cipher-algo switch to gpg. When I try to tab-complete the cipher algorithm in my laptop, this is what I get:
$ gpg -c --cipher-algo Completing cipher 3DES AES AES192 AES256 BLOWFISH CAST5 IDEA TWOFISH
Example: Using Twofish cipher to encrypt a file
$ gpg -c --cipher-algo TWOFISH message.txt Enter passphrase: Repeat passphrase:
Inspecting the file
$ file message.txt.gpg message.txt.gpg: GPG symmetrically encrypted data (TWOFISH cipher)
Hope this helps. The only problem is that you have to choose a long pass-phrase and remember the damned thing.
What cipher algorithm do I choose?
Short answer: Choose any.
None of these algorithms have known attacks. Twofish is a successor of Blowfish and was the finalist in the competition that selected RIJNDAEL as the AES standard. The plain AES operates on a key size of 128bits which is itself pretty secure. Blowfish makes it hard to do brute forcing because of the initial key setup operation being slow and expensive.
An interesting read about block cipher security: http://security.stackexchange.com/questions/6141/amount-of-simple-operations-that-is-safely-out-of-reach-for-all-humanity/6149#6149
Leave feedback / questions in the comments.