1

I want to encrypt a file and be able to decrypt/encrypt it again only for me to use that file.

If I use a key pair to encrypt the file, then I need to move the key files around to new devices if I want to decrypt it there. But that is not very convenient, and if only I am going to use the file, is it necessary to have a key pair then, or is it enough to just use gpg --symmetric file.example and make the file only ask for a password and not require key files as well?

Summary: Is it recommended to encrypt a file with gpg --symmetric so that decrypting the file only requires the correct password to be provided if only one person (me) is going to use it? Compared to creating a key pair and using the key pair to encrypt/decrypt, in which case I will have to have the key files with me if I want to decrypt on a different device.

Grass
  • 23
  • I do that all the time. Just use a long enough passphrase (80 bits should do it, which means about 7 diceware words if I recall, or if you're using random printable characters about 12-13 characters). More than that is fine, but 80 bits is plenty unless you're being specifically targeted by some nation-state :) –  Aug 17 '20 at 03:31

1 Answer

2

Using a passphrase is fine. GPG contains outdated crypto and can be misused; I'd suggest age as a better option.

  • Thanks for the answer, what do you mean by being misused? – Grass Aug 15 '20 at 20:52
  • You can specify using insecure ciphers with it. Age doesn't let you do that by simply only including secure methods. – SAI Peregrinus Aug 15 '20 at 20:54
  • Okay, but the default cipher used in gnupg 2.1 is AES-128, so if I use the default, then it should be secure? – Grass Aug 16 '20 at 10:47
  • As long as you pick a secure enough passphrase (10 diceware words is enough), yes. And preferably sign the files after encrypting as well if you're going to upload any of them to cloud backup servers. – SAI Peregrinus Aug 16 '20 at 22:40
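
With gpg --symmetric the passphrase is the only secret protecting the file, so its length should be derived from a bit target such as the 80 bits mentioned in the thread. The following is an added example, not code from any poster: it sizes and generates a passphrase with the OS CSPRNG, and `PLACEHOLDER_WORDS` is a constructed stand-in for a real 7776-word Diceware list.

```python
import math
import secrets
import string

DICEWARE_LIST_SIZE = 6 ** 5  # five dice rolls select one word -> 7776 words
# 94 printable ASCII symbols (space excluded so the result is easy to type).
PRINTABLE = string.ascii_letters + string.digits + string.punctuation


def entropy_bits(symbols: int, alphabet_size: int) -> float:
    """Entropy of `symbols` independent, uniform picks from the alphabet."""
    return symbols * math.log2(alphabet_size)


def symbols_needed(target_bits: float, alphabet_size: int) -> int:
    """Smallest number of uniform picks that reaches target_bits."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_passphrase(target_bits: float, alphabet, sep: str = "") -> str:
    """Draw enough symbols from `alphabet` to reach target_bits.

    Uses secrets.choice (OS CSPRNG); the entropy figure only holds when
    every symbol is picked uniformly at random, not chosen by a human.
    """
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("duplicate symbols would overstate the entropy")
    count = symbols_needed(target_bits, len(alphabet))
    return sep.join(secrets.choice(alphabet) for _ in range(count))


# Constructed stand-in: load a real Diceware word list here in practice.
PLACEHOLDER_WORDS = [f"word{i:04d}" for i in range(DICEWARE_LIST_SIZE)]

if __name__ == "__main__":
    for label, size in (("diceware words", DICEWARE_LIST_SIZE),
                        ("printable chars", len(PRINTABLE))):
        n = symbols_needed(80, size)
        print(f"80 bits needs {n} {label} ({entropy_bits(n, size):.1f} bits)")
    print("10 diceware words:",
          f"{entropy_bits(10, DICEWARE_LIST_SIZE):.1f} bits")
    print(random_passphrase(80, PRINTABLE))
    print(random_passphrase(80, PLACEHOLDER_WORDS, sep=" "))
```
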