GNU Privacy Guard (GPG) using Symmetric Key with PythonThe GNU Privacy Guard (GPG) is a program that is based on OpenPGP and can generation a keys pairs, encrypt and decrypt data, and digitally sign files and verify digital signatures. This page uses Version 2.4.0. It supports the public key methods of RSA, ELG, DSA, ECDH, ECDSA, and EDDSA. Also symmetric key ciphers of IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, and CAMELLIA256, along with SHA1, RIPEMD160, SHA256, SHA384, SHA512, and SHA224. The compression methods supports are ZIP, ZLIB, and BZIP2. In this case we will use the symmetric key methods to encrypt a string and use a passphrase to generate the encryption key. |
Meet GPG
It was Phil Zimmerman who created the PGP (Pretty Good Privacy), and which has advanced to the GNU Privacy Guard (GPG). Overall GPG is a program that is based on OpenPGP and can generate keys pairs, encrypt and decrypt data, and digitally sign files and verify digital signatures. This page uses Version 2.4.0. It supports the public key methods of RSA, ELG, DSA, ECDH, ECDSA, and EDDSA. Also symmetric key ciphers of IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, and CAMELLIA256, along with SHA1, RIPEMD160, SHA256, SHA384, SHA512, and SHA224. The compression methods supported are ZIP, ZLIB, and BZIP2.
Having Armor
What’s the simplest way to encrypt something? Well, OpenSSL is a little bit cumborsome with its terse command line options. Overall, GPG (GNU Privacy Guard) possibly provides a solution. In Version 2, it has really grown up and now supports elliptic curve methods. In terms of symmetric key methods, GPG can be used to convert a binary format in an Armor form, and which supports the embedded for an encrypted message within a text format. An example is:
-----BEGIN PGP MESSAGE----- jA0EAgMCIUllLY3Fe+TH0jIBbVClcS0NJF05U8VRW8BDEHjW/E40EKbObStNK4Wy VyI6p7SDJr3Oh7Fxu04CVZT/fg== =mIoy -----END PGP MESSAGE----
While GPG of course supports AES encryption, it includes a number of legacy ciphers including CAST5. Overall, CAST5 uses a 64-bit block size (as apposed to a 128-bit block size for AES), and a 128-bit encryption key. It has a Feistel cipher, and which is similar to the approach of DES and 3DES. GPG does a great job in supporting older ciphers, such as IDEA, Blowfish, Twofish, and Camellia.
CAST5
CAST5 (aka CAST-128) was created by Carlise Adams and Stafford Taveres (CAST), along with Howard Heys and Michael Wiener, and standardized in RFC 2144:
CAST-256 increased the block size to 128 bits:
GPG
We can create a file named 111.txt and then encrypt it with GPG. For this, we use the "--symmetric" flag to encrypt, and decrypt with the "-d". In the following we see that the default symmetric key cipher is 256-bit AES with CFB mode:
> gpg --symmetric 111.txt File '111.txt.gpg' exists. Overwrite? (y/N) y > cat 111.txt.gpg 3�(���X��ITܫ�*������NE T#�� �ת���]ӂx�+�Ut����d�fF > gpg -d 111.txt.gpg gpg: AES256.CFB encrypted data gpg: encrypted with 1 passphrase This is a test.
This will prompt for a password, and which is used with PBKDF2 to produce the encryption key. Overall, the .gpg type of format is difficult to encapsulate in a text form, so we can modify it to output an Armor format (.asc):
> gpg --symmetric --armor 111.txt File '111.txt.asc' exists. Overwrite? (y/N) y > cat 111.txt.asc -----BEGIN PGP MESSAGE----- jA0ECQMCNMJfNMwEE7G60kkBgUQIFDZigeCNs50BcBCWJZA4w6hVf2vFeHQ2MNGs FvKfXxttBZCWWgkZUNxTinTY9sBM7bl1Ho8KOMUQAZnaAmx0l+IL6Q+9 =/6IK -----END PGP MESSAGE----- > gpg -d 111.txt.asc gpg: AES256.CFB encrypted data gpg: encrypted with 1 passphrase This is a test.
To encrypt with CAST5 we need to force the encryption with the "-- allow-old-cipher-algos"":
gpg --symmetric --allow-old-cipher-algos --cipher-algo CAST5 111.txt With a passphrase of “napier”, this produces a binary file of: >cat 111.txt.gpg `���vZ�]����Hg�����L8g���_���F�J
And then with an Armor format (.asc):
> gpg --symmetric --allow-old-cipher-algos --armor --cipher-algo CAST5 111.txt > cat 111.txt.asc -----BEGIN PGP MESSAGE----- jA0EAwMCHBrJLZbIhRK60kIBiy2c/zwSv053ao/8MJBbjY4+e8aJmE0z/p/t8A+H pBAJgHHIj3777akEyLr5200QT7KIlfXssbRr7liQxHiQzhQ= =40BJ -----END PGP MESSAGE-----
Application
In this case we will encrypt the word “hello” with a password of “napier” and using the 3DES encryption method:
echo | set /p = "Hello" | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos echo | set /p = "Hello" | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos | gpg -d --batch --passphrase napier
In Linux, this is:
echo -n "Hello" | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos echo -n "Hello" | gpg --symmetric --cipher-algo 3des --armor --batch --passphrase napier --allow-old-cipher-algos | gpg -d --batch --passphrase napier
A sample run with CAST5 is:
Message: "hello" Type: CAST5 Passphrase: password Encrypted: -----BEGIN PGP MESSAGE----- jA0EAwMCD1ut4Xkxv8PH0jIBRssfpePm3UZ2IKzC1Ujij0O3ENTQ18QDQY7VEOdv s0DeEH8DloRmQ0f9dJ8uhSCGkg== =zdiW -----END PGP MESSAGE----- Decrypted: hello
A sample run with 3DES is:
Message: "hello" Type: 3DES Passphrase: password Encrypted: -----BEGIN PGP MESSAGE----- jA0EAgMCIUllLY3Fe+TH0jIBbVClcS0NJF05U8VRW8BDEHjW/E40EKbObStNK4Wy VyI6p7SDJr3Oh7Fxu04CVZT/fg== =mIoy -----END PGP MESSAGE----- Decrypted: hello
And Twofish:
Message: "hello" Type: TWOFISH Passphrase: password Encrypted: -----BEGIN PGP MESSAGE----- jA0ECgMCF7knAksjNjnH0joBaxru5r4FJqsCQRwBqrFxU3vaGLEye0pd3rBvXo86 9a68weXKl8Q5lrfIuFDuGj1VPOIwjVavVLTB =ejv+ -----END PGP MESSAGE----- Decrypted: hello