1

I'm using a script to pack and encrypt archives in order to backup them in cloud storage.

It generates shell commands like this:

cd /vault/backup/pictures; tar cf - vacation-201309 | xz -3 | gpg --symmetric --cipher-algo TWOFISH --digest-algo SHA512 --no-secmem-warning --yes --batch --passphrase-file /vault/keys/back_keyfile -o /vault/backup/upload/vacation-201309.tar.xz.gpg

TWOFISH is a 256-bit cipher which means, that it can only use a keyfile not bigger than,

openssl rand -base64 256:

3zXeZC/XWC1h1lxre88gzkhCZqk6tV7YKCg9HiKDLrooEDYkvwYXQ5LMBLSFdpYr
c2KAP10aq6pfEi4YeL7llQXfd47qXsEDi8nOpBpPRALxv2NYE4qjZC3sTPe+d1ue
cbFM18BmxHN0094YotLBD+6cQIfZyU8GVLLHx8iH2jf48+7QuXigqWW1oT33BPbQ
zrlND50ZFeGNYo7woIRpSvt8KeBm8t75jVEqXIzA2Zei0r9Xsx0mu828t0wZ6mGL
hkj4B5M56eJzFUCFG207Mf/bXvV5X7Pz6W72Y8nhjAtkumdAsEb0Vc0iIHJ64mfH
XWEfs/1T3n2F8/kxASIvPQ==

At least that's how I understand it.

My question is, how would GPG behave, if I pass a bigger key file to it like 

openssl rand -base64 512:

P0MzGpZItSu6fKObtJvAx1fLRxPBK/pOIjR9Yv+mCrHLlit7ksHOjif6ln32lXl3
8g/zxdQc39kanAproaOzZ1ulebxbfK1Bi6/OfwhdP1HF61nWBZb03TDtdNNXEDFW
9lAN6kHUUctpY9PhFCv2AmoKSKzv1HsAGkrhqslO4E+3sIlGgVLg69qKHE9yQJSX
s5xhXKTcAcaVZ++HwuTTvIduf3sc2J+BEDzpqrAwES2hV5gFwnFFA6G0md31VwEI
9wf22p07qbOrRryV/0WZUNZfOuZ5g/JgrqhRgq53lK0VHvyRkNjMlx7BW4n3Y/0y
5Lgve8Q89Cx5jwbxPcBnXW5h4SWLFa8bSLrGrn/eDH+F1mA5BbU+3IrBdLgivz0u
Unr+jLD3FbBOv/8jRAyp/iOwMmOw9welTu/mcEEa20gyupeJXxAZaVrNfWdWVORi
PdjW5vR9Rn/NLh6fV46+E39dgTn4TBp/v9h+LZpiVK3nNkry+as9vH73o+nFIe8Q
H/UkchDqmIBLntKc9rBZQrkx8NOzruoWGJoFE/Wb23AHN7RNyYgVgvZTy5QWhILz
CW/mzwMQYAuLbFfnY4cgDs9zLMo4OqFGUmbgbnXO9KbYgsplU2aps9JoOjyWCchm
uWYRNAGWrgdfl8vIaxMz1WUwWJFDxyNrANPRiPFQTUg=

Will it just take the first 256 characters and ignore the rest?

royskatt
  • 1,190
  • 2
  • 15
  • 35
  • 1
    You seems to know openssl commands - why did not you try to do as you ask? – Oleg Estekhin May 26 '14 at 17:49
  • 1
    Hm, my question is rather towards the gpg-implemantation of it. How can I check that with openssl? – royskatt May 26 '14 at 18:28
  • Well, **TRY** and don't forget to use bits instead of bytes. – Maarten Bodewes May 26 '14 at 20:18
  • Ok, I made a key with 256 characters, encrypted a file. Afterwards I added another character to the same keyfile, which now had 257 characters, and the same until 260 characters. The SHA1 sum was always different. So how is this 256 encryption working, since it takes keys longer than 256 characters, what is the limitation for keyfiles? – royskatt May 26 '14 at 20:21
  • Ok, so my question should rather be: what is the limitation in characters for a TWOFISH key file? – royskatt May 26 '14 at 20:23

1 Answers1

1

You are using the random as input as a passphrase. Only the first line is used. So you are not generating the key at all, the key is generated using the S2K algorithms, using just the first line.

Note that a 256 bit key does not consist of 256 "characters" or bytes.

Community
  • 1
  • 1
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
  • Sorry for the many edits, I've had too little to eat... amending. – Maarten Bodewes May 26 '14 at 20:34
  • Why is then the sha1-sum not the same if I encrypt the same file once with a 256-character keyfile and afterwards add another character at the end of the same keyfile. If only the first line was used, the change at the end of the keyfile shouldn't make any difference - but it does. – royskatt May 26 '14 at 20:47
  • 1
    Probably the cause of a random IV (Initialization Vector). – Maarten Bodewes May 26 '14 at 21:13
  • 1
    Note that ciphertext is supposed to look random. If not for a static IV you could easily distinguish ciphertexts that are equal or that start with the same plaintext, leaking information. – Maarten Bodewes May 26 '14 at 21:20