Mailing List Archive

Question about symmetric AES cipher in GnuPG
Hi Werner and all,

I was wondering why the binary file size when using symmetric AES
encryption with GnuPG is larger than with other apps I have tested
so far.

As an example encrypting a text file containing 'Hello World':

gpg --symmetric --cipher-algo AES256 hw.txt gives me a file
size of 87 Bytes.

Doing the same with openssl, for example:

openssl enc -aes-256-cbc -pbkdf2 -in hw.txt -out hw.enc

results in 32 Bytes.

Can you please, or somebody else, explain in layman's terms why this is so?

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Question about symmetric AES cipher in GnuPG
Hi,

On Sun, Oct 27, 2019 at 08:25:10PM +0100, Stefan Claas via Gnupg-users wrote:
>Can you please, or somebody else, explain in layman's terms why this is
>so?

Simply put, gpg and openssl enc don’t use the same file formats.
Different formats may encode the same data differently, so you can’t
expect the two outputs to be similar or to be of a similar size.

In GnuPG’s case, the format is the one defined by the RFC 4880 standard
[1]. I don’t know what is the format used by OpenSSL, but some of the
differences with GnuPG’s format include:

* GnuPG adds a “Modification Detection Code” to the encrypted data;

* GnuPG also adds some metadata, including the name of the original
file.

Those differences alone already explain easily why the file generated by
GnuPG is bigger.

Cheers,

- Damien


[1] https://tools.ietf.org/html/rfc4880
Re: Question about symmetric AES cipher in GnuPG
Damien Goutte-Gattat wrote:

> Hi,
>
> On Sun, Oct 27, 2019 at 08:25:10PM +0100, Stefan Claas via Gnupg-users wrote:
> >Can you please, or somebody else, explain in layman's terms why this is
> >so?
>
> Simply put, gpg and openssl enc don’t use the same file formats.
> Different formats may encode the same data differently, so you can’t
> expect the two outputs to be similar or to be of a similar size.
>
> In GnuPG’s case, the format is the one defined by the RFC 4880 standard
> [1]. I don’t know what is the format used by OpenSSL, but some of the
> differences with GnuPG’s format include:
>
> * GnuPG adds a “Modification Detection Code” to the encrypted data;
>
> * GnuPG also adds some metadata, including the name of the original
> file.
>
> Those differences alone already explain easily why the file generated by
> GnuPG is bigger.
>
> Cheers,
>
> - Damien
>
>
> [1] https://tools.ietf.org/html/rfc4880

Thanks for the explanation! I will then check the RFC to see if I can
find how many bytes the 'Modification Detection Code' and the metadata
consume.

Regards
Stefan

--
box: 4a64758de9e8ceded2c481ee526440687fe2f3a828e3a813f87753ad30847b56
certified OpenPGP key blocks available on keybase.io/stefan_claas


Re: Question about symmetric AES cipher in GnuPG
On 10/27/19 3:25 PM, Stefan Claas via Gnupg-users wrote:
> gpg --symmetric --cipher-algo AES256 hw.txt gives me a file
> size of 87 Bytes.
>
> Doing the same with openssl, for example:
>
> openssl enc -aes-256-cbc -pbkdf2 -in hw.txt -out hw.enc
>
> results in 32 Bytes.
>
> Can you please, or somebody else, explain in layman's terms why this is so?

My guess is, the gpg one also is doing MDC, so you'd have to add the
equivalent HMAC code to openssl, but that's just a complete guess.  
Re: Question about symmetric AES cipher in GnuPG
On Wed, 30 Oct 2019 17:19, Brian Minton said:

> My guess is, the gpg one also is doing MDC, so you'd have to add the
> equivalent HMAC code to openssl, but that's just a complete guess.  

The OpenPGP MDC is a SHA-1 hash appended to the plaintext and then
encrypted along with the data. The usual OpenPGP packet structure is
used; details are in RFC-4880. Further, OpenPGP's symmetric encryption
uses a random session key and encrypts that session key using the
passphrase as key. This allows having several independent passphrases
or public keys for the same data.

You can't easily implement that with OpenSSL in a script.


Shalom-Salam,

Werner

--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
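The packet walk that Damien's and Werner's replies describe, as an added example for this thread (it is not GnuPG or OpenSSL code, and Stefan's numbers are not reproduced by it). It parses the RFC 4880 packet headers of a symmetric-encrypted message, decodes the SKESK packet (cipher, S2K hash, salt and iteration count, and whether an encrypted session key follows), and accounts for every byte inside the SEIPD packet: version octet, 18-octet random prefix, literal data packet with filename and timestamp, and the 22-octet MDC packet. Assumptions: the input message is constructed inline with real SKESK fields but filler in place of the ciphertext (so it runs offline; hand parse_packets() the bytes of a real gpg --symmetric output to see the same walk on real data); the plaintext is taken to be 'Hello World' plus a newline, 12 bytes; the layout function models the uncompressed case, whereas gpg by default also wraps the literal packet in a compressed data packet (tag 8), which is one reason a real file lands at a slightly different size. The openssl_enc_size() helper is there for the comparison: 32 bytes is the 8-octet "Salted__" magic, an 8-octet salt and one padded CBC block, with no integrity check at all, which is what Brian's HMAC remark is about.

```python
"""Account for the bytes of an OpenPGP symmetric-encrypted message (RFC 4880).

Added example for this thread, not GnuPG or OpenSSL code.  The message it
parses is constructed below with filler in place of the AES ciphertext.
"""
import struct

PACKET_NAMES = {3: "SKESK (passphrase/session key)", 8: "Compressed Data",
                11: "Literal Data", 18: "SEIPD (encrypted + MDC)"}
CIPHERS = {7: "AES128", 8: "AES192", 9: "AES256"}   # RFC 4880 9.2, subset
HASHES = {2: "SHA1", 8: "SHA256"}                   # RFC 4880 9.4, subset


def new_format_header_len(body_len: int) -> int:
    """Octets in a new-format packet header (CTB + length), RFC 4880 4.2.2."""
    return 2 if body_len < 192 else 3 if body_len < 8384 else 6


def parse_packets(data: bytes):
    """Return [(tag, header_len, body)] for each top-level packet in data.
    Handles new-format headers with 1-, 2- and 5-octet body lengths and
    old-format headers; partial and indeterminate lengths are rejected."""
    pkts, i = [], 0
    while i < len(data):
        ctb = data[i]
        if not ctb & 0x80:
            raise ValueError(f"bad packet tag byte 0x{ctb:02x} at offset {i}")
        if ctb & 0x40:                                  # new format
            tag, first = ctb & 0x3F, data[i + 1]
            if first < 192:
                blen, hlen = first, 2
            elif first < 224:
                blen, hlen = ((first - 192) << 8) + data[i + 2] + 192, 3
            elif first == 255:
                blen, hlen = struct.unpack(">I", data[i + 2:i + 6])[0], 6
            else:
                raise ValueError("partial body lengths not handled")
        else:                                           # old format
            tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled")
            hlen = 1 + (1 << ltype)                     # 1, 2 or 4 length octets
            blen = int.from_bytes(data[i + 1:i + hlen], "big")
        body = data[i + hlen:i + hlen + blen]
        if len(body) != blen:
            raise ValueError("truncated packet")
        pkts.append((tag, hlen, body))
        i += hlen + blen
    return pkts


def decode_skesk(body: bytes) -> dict:
    """Decode a v4 SKESK body with an iterated+salted S2K (RFC 4880 5.3, 3.7.1.3).
    Bytes after the S2K specifier are an encrypted session key; when absent,
    the S2K output itself is the session key."""
    version, cipher, s2k_type = body[0], body[1], body[2]
    if version != 4 or s2k_type != 3:
        raise ValueError("only v4 SKESK with iterated+salted S2K handled")
    hash_id, salt, c = body[3], body[4:12], body[12]
    count = (16 + (c & 15)) << ((c >> 4) + 6)          # coded octet -> bytes hashed
    return {"cipher": CIPHERS.get(cipher, cipher), "hash": HASHES.get(hash_id, hash_id),
            "salt": salt.hex(), "s2k_count": count,
            "encrypted_session_key": body[13:] or None}


def seipd_layout(plaintext_len: int, filename: str) -> dict:
    """Byte cost of each piece inside an uncompressed SEIPD packet that carries
    one literal data packet (RFC 4880 5.9) plus the MDC packet (5.14)."""
    literal_body = 1 + 1 + len(filename.encode()) + 4 + plaintext_len  # fmt, namelen, name, mtime, data
    literal = new_format_header_len(literal_body) + literal_body
    mdc = 2 + 20                        # 0xD3 0x14 + SHA-1 over prefix..0xD3 0x14
    prefix = 16 + 2                     # random block + its last two octets repeated
    seipd_body = 1 + prefix + literal + mdc             # version octet first
    return {"version": 1, "prefix": prefix, "literal": literal, "mdc": mdc,
            "seipd_body": seipd_body,
            "seipd_packet": new_format_header_len(seipd_body) + seipd_body}


def openssl_enc_size(plaintext_len: int) -> int:
    """`openssl enc -aes-256-cbc` output: 'Salted__' + 8-octet salt, then
    PKCS#7-padded CBC ciphertext.  Carries no integrity check of any kind."""
    return 16 + 16 * (plaintext_len // 16 + 1)


def build_sample_message(plaintext_len: int, filename: str) -> bytes:
    """Constructed message: genuine SKESK fields, filler where the ciphertext goes.
    Assumes both packet bodies stay under 192 octets (one-octet lengths)."""
    skesk_body = bytes([4, 9, 3, 8]) + bytes(range(8)) + bytes([0x60])  # v4, AES256, S2K type 3, SHA256, salt, count
    skesk = bytes([0xC3, len(skesk_body)]) + skesk_body
    n = seipd_layout(plaintext_len, filename)["seipd_body"]
    seipd_body = bytes([1]) + bytes((7 * i + 3) & 0xFF for i in range(n - 1))  # NOT real AES output
    return skesk + bytes([0xD2, len(seipd_body)]) + seipd_body


def account(msg: bytes, plaintext_len: int, filename: str) -> dict:
    """Total bytes per top-level packet plus the modelled inner layout of the SEIPD."""
    sizes = {PACKET_NAMES.get(t, f"tag {t}"): h + len(b) for t, h, b in parse_packets(msg)}
    sizes["inside SEIPD"] = seipd_layout(plaintext_len, filename)
    sizes["total"] = len(msg)
    return sizes


if __name__ == "__main__":
    msg = build_sample_message(12, "hw.txt")            # 'Hello World\n' assumed: 12 bytes
    for tag, _, body in parse_packets(msg):
        if tag == 3:
            print("SKESK:", decode_skesk(body))
    print(account(msg, 12, "hw.txt"))
    print("openssl enc -aes-256-cbc output for 12 bytes:", openssl_enc_size(12))
```

For the constructed 12-byte file the SKESK packet costs 15 bytes and the SEIPD packet 69 (1 version + 18 prefix + 26 literal packet, of which 6 are the filename and 4 the timestamp, + 22 MDC), so the OpenPGP framing alone is several times the size of the data; the same arithmetic on a real message only needs the compressed data packet added to the inner layout.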