Using GnuPG encryption
If you use Cygwin like I do, you can optionally install GnuPG (GNU Privacy Guard). GPG is actually a play on the letters PGP (Pretty Good Privacy), which is now a privately owned company. GPG, however, is free and relatively easy to use to encrypt messages or files. I use it to encrypt sensitive files on my USB memory fob.
When you read the extensive manual on GPG you'd think the best way to encrypt your files is with a symmetric cypher. I see some problems with the symmetric cypher approach:
- you need to give the password both when you encrypt and decrypt the file,
- different files could potentially have different passwords, increasing the chance of forgetting what the password is,
- someone who gets my file could try and guess the password,
- if I suspect that someone has learned my password, I need to go and re-crypt all my files with that password.
- I don't need a password to encrypt the file with my public key,
- in fact, I don't even need a password to decrypt it, I just need my private key, but in my case I have my private key password protected so I need to give a password each time,
- if someone gets the file and hasn't stolen my private key too, he's SOL, since that file is encrypted with my public key which is nearly equivalent to encrypting with a large random password. There's no way he can guess the 'password',
- if I suspect that someone has guessed the password to my private key, I just change it, I don't need to re-crypt the files.
- If someone steals my USB fob he's still out of luck because he needs to guess the password I use to protect my private key.
But that's another post.
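The public-key points in the list above, as an added example that is not part of the original post: a file is encrypted using a keyring that holds only the public key (standing in for the USB fob) and can be decrypted only where the private key and its passphrase are available. It assumes GnuPG 2.1 or later; the function names, identity and passphrase are constructed for the demo, and the keyrings live in a temporary directory.

```shell
#!/bin/sh
# Added example. Needs GnuPG 2.1+; identity and passphrase are constructed.
DEMO_UID='USB Demo <usb-demo@example.invalid>'
DEMO_PASS='constructed-demo-passphrase'

# Create a passphrase-protected key pair in the keyring directory $1.
make_key() {
    printf '%s\n' "$DEMO_PASS" | gpg --homedir "$1" --batch --quiet \
        --pinentry-mode loopback --passphrase-fd 0 \
        --quick-generate-key "$DEMO_UID" default default never
}

# Copy only the public key from keyring $1 into keyring $2.
copy_public_key() {
    gpg --homedir "$1" --batch --export "$DEMO_UID" |
        gpg --homedir "$2" --batch --quiet --import
}

# Encrypt file $2 to the demo key using keyring $1. No passphrase is read.
# --trust-model always: the imported key has no trust set in a fresh keyring.
encrypt_to_key() {
    gpg --homedir "$1" --batch --yes --quiet --trust-model always \
        --recipient "$DEMO_UID" --output "$2.gpg" --encrypt "$2"
}

# Decrypt $2 to stdout using keyring $1; needs the private key and passphrase.
decrypt_with_key() {
    printf '%s\n' "$DEMO_PASS" | gpg --homedir "$1" --batch --quiet \
        --pinentry-mode loopback --passphrase-fd 0 --decrypt "$2"
}

# Returns 0 if the round trip works and the public-only keyring cannot decrypt.
run_demo() {
    work=$(mktemp -d) || return 1
    mkdir -m 700 "$work/home" "$work/fob"   # home: key pair, fob: public key
    printf 'sensitive notes\n' > "$work/notes.txt"
    rc=1
    if make_key "$work/home" && copy_public_key "$work/home" "$work/fob" &&
       encrypt_to_key "$work/fob" "$work/notes.txt" &&
       [ "$(decrypt_with_key "$work/home" "$work/notes.txt.gpg" 2>/dev/null)" \
           = 'sensitive notes' ] &&
       ! decrypt_with_key "$work/fob" "$work/notes.txt.gpg" >/dev/null 2>&1
    then rc=0; fi
    for d in home fob; do
        gpgconf --homedir "$work/$d" --kill gpg-agent 2>/dev/null
    done
    rm -rf "$work"
    return $rc
}

run_demo && echo "round trip OK; keyring without the private key cannot decrypt"
```

Even with the correct passphrase supplied, decryption fails in the `fob` keyring because the private key is not there.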