Topic: symmetric encryption

Hi,

Thanks for this cool plugin!

It would be cool if FireGPG would allow for symmetric encryption (password), which is also supported by GnuPG.

Regards,
Holger

Re: symmetric encryption

Thanks for this cool plugin!

You're welcome ^_^

It would be cool if FireGPG would allow for symmetric encryption (password), which is also supported by GnuPG.

If it's supported by GnuPG, it will probably be implemented. Thanks for the suggestion.

Re: symmetric encryption

I'm not positive, but since GnuPG is an asymmetrical keypair encryption algorithm, I don't think symmetrical keys are supported. I could be wrong though, GnuPG may have added that as a little bonus.

Re: symmetric encryption

Yes, FireGPG isn't really for this, but we can implement it....

Re: symmetric encryption

You don't need to add support for symmetric encryption to FireGPG. In reality, you ARE using symmetric encryption within any asymmetrically encrypted message.  Here is how it happens:

1. gpg generates a random hash key based on the preferences of the recipient(s).  It normally uses SHA1, since that is the lowest common denominator that will work with everybody.  There ARE some exceptions but most of you are using SHA1 as Digest Algorithm anyway.

2. gpg encrypts that key using the other person's public key (meaning only they can get the key back).  If you have multiple recipients it makes little difference whether you used either the same key or a different one since each recipient gets their own encryption of the hash key.

3. gpg then symmetrically encrypts the message itself using the hash key.  It makes as many copies as there are users, since each user has their own symmetric cipher preference.

4. gpg then gloms all this together and gives it to the email program which in turn sends it off.

Now on the receiving end ...

1. gpg extracts both that person's asymmetrically encrypted key and that recipient's copy of the encrypted message based on what key they are using for that email address.

2. gpg asks the user for their public / private key pass-phrase.

3. gpg uses the pass-phrase to decrypt the asymmetrically encrypted key that was randomly created (which is why the OpenPGP people CONSTANTLY caution you NOT to use the same random seed).

4. Using that key gpg asymmetrically decrypted, gpg then uses that key to decrypt the message itself.

In short, you don't need symmetric encryption within FireGPG.  If on the other hand somebody wants to use one of the symmetric ciphers to encrypt a file then they can do that via various means and send that as an attachment.  But symmetric encryption itself other than what is going on under the hood is NOT needed in FireGPG.  It also is *NOT* provided by ANY of the POP email programs, nor should it be.

One of the benefits of asymmetric encryption is that once I have encrypted something for somebody else, even *I* cannot decrypt it.  IMHO, symmetric encryption is *NOT* needed in FireGPG.  What is needed is to hash (pun intended) why signing isn't working.  INLINE encryption works great with ALL of my tests - NONE of the encryption tests have failed yet.
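
Added example, not part of the thread and not FireGPG or GnuPG code: a small Python reader for OpenPGP packet headers (RFC 4880) that reports, for a binary message, which key IDs the session key was encrypted to, whether it was wrapped under a passphrase, and how many encrypted data packets follow. The function names and the sample byte strings are constructed for illustration; partial-length and indeterminate-length packets are out of scope.

```python
# Added example: walk OpenPGP packet headers (RFC 4880, section 4.2).
# Sample messages below are constructed bytes, not real gpg output.

def read_packets(buf):
    """Yield (tag, body) for each packet in a binary (non-armored) message."""
    i = 0
    while i < len(buf):
        hdr, i = buf[i], i + 1
        if not hdr & 0x80:
            raise ValueError("bit 7 clear: not a packet header")
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, buf[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + buf[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(buf[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length is not handled here")
            n = 1 << ltype                   # 1, 2 or 4 length octets
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        if i + length > len(buf):
            raise ValueError("truncated packet")
        yield tag, buf[i:i + length]
        i += length

def summarize(buf):
    """Count how the session key is wrapped and how many data packets follow."""
    out = {"key_ids": [], "passphrase_wraps": 0, "data_packets": 0}
    for tag, body in read_packets(buf):
        if tag == 1:                         # public-key encrypted session key
            out["key_ids"].append(body[1:9].hex().upper())
        elif tag == 3:                       # passphrase-encrypted session key
            out["passphrase_wraps"] += 1
        elif tag in (9, 18):                 # symmetrically encrypted data
            out["data_packets"] += 1
    return out

def pkesk(key_id_hex):                       # v3 body: version, key ID, algo, MPI
    return b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xAA"

DATA = bytes([0xD2, 17]) + b"\x01" + b"\x00" * 16          # tag 18, new format
TWO_RECIPIENTS = (bytes([0x84, 13]) + pkesk("1111111111111111")   # old format
                  + bytes([0xC1, 13]) + pkesk("2222222222222222") + DATA)
PASSPHRASE_ONLY = bytes([0xC3, 13]) + b"\x04\x09\x03\x02" + b"\x00" * 8 + b"\x60" + DATA
```

`summarize(TWO_RECIPIENTS)` lists both constructed key IDs with one data packet, and `summarize(PASSPHRASE_ONLY)` shows one passphrase wrap with one data packet.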