Verifying the encryption cipher used in Kleopatra
up vote
0
down vote
favorite
I'm in the process of rolling out Kleopatra and wanted to verify the cipher being used. In Kleopatra, under "GnuPG System > S/MIME > use cipher algorithm NAME", the option is set to AES. Is this the cipher used for encryption and is it presumably AES128? How can I verify that?
I've encrypted a file through Kleopatra and sent it to a linux box where I ran the ciphertext through pgpdump
. Not sure what I'm looking at. I was expecting to see 'AES' here somewhere.
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx95
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2045 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx4E
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2046 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(512 bytes) partial start
Ver 1
Encrypted data [sym alg is specified in pub-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
New: (54 bytes) partial end
I've tried gnupg --list-packets file.gpg
with nothing I see as indicative of the cipher, but that's probably my ignorance showing:
$ gpg --list-packets file.gpg
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx95
data: [2045 bits]
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx4E
data: [2046 bits]
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID xxxxxx4E, created 2018-11-28
"xxxxxx <xxxxxx@xxxxx>"
gpg: encrypted with 2048-bit RSA key, ID xxxxxx95, created 2017-07-13
"xxxxxxxxx <xxxxxx@xxxxx>"
gpg: decryption failed: secret key not available
I've also extracted the first 16 bytes of file.gpg. I read somewhere that the 4th byte should be 09
for AES, but this doesn't seem to be the case either:
$ od -t x1 file.gpg | head -1
0000000 85 01 0c 03 19 c3 9b 0a b3 f1 23 95 01 07 fd 15
encryption
migrated from crypto.stackexchange.com Nov 29 at 6:05
This question came from our site for software developers, mathematicians and others interested in cryptography.
add a comment |
up vote
0
down vote
favorite
I'm in the process of rolling out Kleopatra and wanted to verify the cipher being used. In Kleopatra, under "GnuPG System > S/MIME > use cipher algorithm NAME", the option is set to AES. Is this the cipher used for encryption and is it presumably AES128? How can I verify that?
I've encrypted a file through Kleopatra and sent it to a linux box where I ran the ciphertext through pgpdump
. Not sure what I'm looking at. I was expecting to see 'AES' here somewhere.
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx95
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2045 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx4E
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2046 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(512 bytes) partial start
Ver 1
Encrypted data [sym alg is specified in pub-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
New: (54 bytes) partial end
I've tried gnupg --list-packets file.gpg
with nothing I see as indicative of the cipher, but that's probably my ignorance showing:
$ gpg --list-packets file.gpg
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx95
data: [2045 bits]
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx4E
data: [2046 bits]
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID xxxxxx4E, created 2018-11-28
"xxxxxx <xxxxxx@xxxxx>"
gpg: encrypted with 2048-bit RSA key, ID xxxxxx95, created 2017-07-13
"xxxxxxxxx <xxxxxx@xxxxx>"
gpg: decryption failed: secret key not available
I've also extracted the first 16 bytes of file.gpg. I read somewhere that the 4th byte should be 09
for AES, but this doesn't seem to be the case either:
$ od -t x1 file.gpg | head -1
0000000 85 01 0c 03 19 c3 9b 0a b3 f1 23 95 01 07 fd 15
encryption
migrated from crypto.stackexchange.com Nov 29 at 6:05
This question came from our site for software developers, mathematicians and others interested in cryptography.
add a comment |
up vote
0
down vote
favorite
up vote
0
down vote
favorite
I'm in the process of rolling out Kleopatra and wanted to verify the cipher being used. In Kleopatra, under "GnuPG System > S/MIME > use cipher algorithm NAME", the option is set to AES. Is this the cipher used for encryption and is it presumably AES128? How can I verify that?
I've encrypted a file through Kleopatra and sent it to a linux box where I ran the ciphertext through pgpdump
. Not sure what I'm looking at. I was expecting to see 'AES' here somewhere.
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx95
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2045 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx4E
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2046 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(512 bytes) partial start
Ver 1
Encrypted data [sym alg is specified in pub-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
New: (54 bytes) partial end
I've tried gnupg --list-packets file.gpg
with nothing I see as indicative of the cipher, but that's probably my ignorance showing:
$ gpg --list-packets file.gpg
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx95
data: [2045 bits]
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx4E
data: [2046 bits]
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID xxxxxx4E, created 2018-11-28
"xxxxxx <xxxxxx@xxxxx>"
gpg: encrypted with 2048-bit RSA key, ID xxxxxx95, created 2017-07-13
"xxxxxxxxx <xxxxxx@xxxxx>"
gpg: decryption failed: secret key not available
I've also extracted the first 16 bytes of file.gpg. I read somewhere that the 4th byte should be 09
for AES, but this doesn't seem to be the case either:
$ od -t x1 file.gpg | head -1
0000000 85 01 0c 03 19 c3 9b 0a b3 f1 23 95 01 07 fd 15
encryption
I'm in the process of rolling out Kleopatra and wanted to verify the cipher being used. In Kleopatra, under "GnuPG System > S/MIME > use cipher algorithm NAME", the option is set to AES. Is this the cipher used for encryption and is it presumably AES128? How can I verify that?
I've encrypted a file through Kleopatra and sent it to a linux box where I ran the ciphertext through pgpdump
. Not sure what I'm looking at. I was expecting to see 'AES' here somewhere.
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx95
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2045 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xxxxxxxxxxxx4E
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2046 bits) - ...
-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02
New: Symmetrically Encrypted and MDC Packet(tag 18)(512 bytes) partial start
Ver 1
Encrypted data [sym alg is specified in pub-key encrypted session key]
(plain text + MDC SHA1(20 bytes))
New: (54 bytes) partial end
I've tried gnupg --list-packets file.gpg
with nothing I see as indicative of the cipher, but that's probably my ignorance showing:
$ gpg --list-packets file.gpg
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx95
data: [2045 bits]
:pubkey enc packet: version 3, algo 1, keyid xxxxxxxx4E
data: [2046 bits]
:encrypted data packet:
length: unknown
mdc_method: 2
gpg: encrypted with 2048-bit RSA key, ID xxxxxx4E, created 2018-11-28
"xxxxxx <xxxxxx@xxxxx>"
gpg: encrypted with 2048-bit RSA key, ID xxxxxx95, created 2017-07-13
"xxxxxxxxx <xxxxxx@xxxxx>"
gpg: decryption failed: secret key not available
I've also extracted the first 16 bytes of file.gpg. I read somewhere that the 4th byte should be 09
for AES, but this doesn't seem to be the case either:
$ od -t x1 file.gpg | head -1
0000000 85 01 0c 03 19 c3 9b 0a b3 f1 23 95 01 07 fd 15
encryption
encryption
asked Nov 28 at 19:17
Server Fault
1362
1362
migrated from crypto.stackexchange.com Nov 29 at 6:05
This question came from our site for software developers, mathematicians and others interested in cryptography.
migrated from crypto.stackexchange.com Nov 29 at 6:05
This question came from our site for software developers, mathematicians and others interested in cryptography.
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
0
down vote
In GnuPG, under listed algorithms, such as the following output of gpg --version
, you can see the supported block ciphers of your build.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Unlike the Camellia family, AES-128 is simply listed as AES. This is likely due to how ubiquitous AES-128 is; it is often referred to as just AES because currently, most applications don't benefit that much security-wise from using AES-192 or AES-256.
Moderators: This post should be on Super User, rather than on Cryptography, where it was originally posted. OP is a new user, please let them know that Cryptography Stack Exchange is for discussion of the mathematics of cryptography and development of software rather than the use of software.
So AES is AES-128. Thanks for clarifying but how can I verify that is the cipher used in my encrypted file? Everything I've tried so far seems inconclusive unless I'm missing the obvious? I'd like to be able to verify users have encrypted a file meeting a given security policy (such as AES-128). Isalgo 1
any kind of clue?
– Server Fault
Nov 29 at 14:21
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
0
down vote
In GnuPG, under listed algorithms, such as the following output of gpg --version
, you can see the supported block ciphers of your build.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Unlike the Camellia family, AES-128 is simply listed as AES. This is likely due to how ubiquitous AES-128 is; it is often referred to as just AES because currently, most applications don't benefit that much security-wise from using AES-192 or AES-256.
Moderators: This post should be on Super User, rather than on Cryptography, where it was originally posted. OP is a new user, please let them know that Cryptography Stack Exchange is for discussion of the mathematics of cryptography and development of software rather than the use of software.
So AES is AES-128. Thanks for clarifying but how can I verify that is the cipher used in my encrypted file? Everything I've tried so far seems inconclusive unless I'm missing the obvious? I'd like to be able to verify users have encrypted a file meeting a given security policy (such as AES-128). Isalgo 1
any kind of clue?
– Server Fault
Nov 29 at 14:21
add a comment |
up vote
0
down vote
In GnuPG, under listed algorithms, such as the following output of gpg --version
, you can see the supported block ciphers of your build.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Unlike the Camellia family, AES-128 is simply listed as AES. This is likely due to how ubiquitous AES-128 is; it is often referred to as just AES because currently, most applications don't benefit that much security-wise from using AES-192 or AES-256.
Moderators: This post should be on Super User, rather than on Cryptography, where it was originally posted. OP is a new user, please let them know that Cryptography Stack Exchange is for discussion of the mathematics of cryptography and development of software rather than the use of software.
So AES is AES-128. Thanks for clarifying but how can I verify that is the cipher used in my encrypted file? Everything I've tried so far seems inconclusive unless I'm missing the obvious? I'd like to be able to verify users have encrypted a file meeting a given security policy (such as AES-128). Isalgo 1
any kind of clue?
– Server Fault
Nov 29 at 14:21
add a comment |
up vote
0
down vote
up vote
0
down vote
In GnuPG, under listed algorithms, such as the following output of gpg --version
, you can see the supported block ciphers of your build.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Unlike the Camellia family, AES-128 is simply listed as AES. This is likely due to how ubiquitous AES-128 is; it is often referred to as just AES because currently, most applications don't benefit that much security-wise from using AES-192 or AES-256.
Moderators: This post should be on Super User, rather than on Cryptography, where it was originally posted. OP is a new user, please let them know that Cryptography Stack Exchange is for discussion of the mathematics of cryptography and development of software rather than the use of software.
In GnuPG, under listed algorithms, such as the following output of gpg --version
, you can see the supported block ciphers of your build.
Supported algorithms:
Pubkey: RSA, ELG, DSA, ECDH, ECDSA, EDDSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
Unlike the Camellia family, AES-128 is simply listed as AES. This is likely due to how ubiquitous AES-128 is; it is often referred to as just AES because currently, most applications don't benefit that much security-wise from using AES-192 or AES-256.
Moderators: This post should be on Super User, rather than on Cryptography, where it was originally posted. OP is a new user, please let them know that Cryptography Stack Exchange is for discussion of the mathematics of cryptography and development of software rather than the use of software.
answered Nov 28 at 22:19
Expectator
1
1
So AES is AES-128. Thanks for clarifying but how can I verify that is the cipher used in my encrypted file? Everything I've tried so far seems inconclusive unless I'm missing the obvious? I'd like to be able to verify users have encrypted a file meeting a given security policy (such as AES-128). Isalgo 1
any kind of clue?
– Server Fault
Nov 29 at 14:21
add a comment |
So AES is AES-128. Thanks for clarifying but how can I verify that is the cipher used in my encrypted file? Everything I've tried so far seems inconclusive unless I'm missing the obvious? I'd like to be able to verify users have encrypted a file meeting a given security policy (such as AES-128). Isalgo 1
any kind of clue?
– Server Fault
Nov 29 at 14:21
So AES is AES-128. Thanks for clarifying but how can I verify that is the cipher used in my encrypted file? Everything I've tried so far seems inconclusive unless I'm missing the obvious? I'd like to be able to verify users have encrypted a file meeting a given security policy (such as AES-128). Is
algo 1
any kind of clue?– Server Fault
Nov 29 at 14:21
So AES is AES-128. Thanks for clarifying but how can I verify that is the cipher used in my encrypted file? Everything I've tried so far seems inconclusive unless I'm missing the obvious? I'd like to be able to verify users have encrypted a file meeting a given security policy (such as AES-128). Is
algo 1
any kind of clue?– Server Fault
Nov 29 at 14:21
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1379286%2fverifying-the-encryption-cipher-used-in-kleopatra%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown