Mailing List Archive

On 29 Oct 2021, at 10:17, Chris Taylor <chris@christaylordeveloper.co.uk> wrote:
> I am developing a backup process for personal files, on USB thumb drive. I tar and zip my files (30GB) then encrypt them with:
>
> gpg --no-symkey-cache --symmetric --cipher-algo AES256 my-backup.tar.gz
>
> I copy my-backup.tar.gz.gpg to my USB thumb drive. I am using Ubuntu so the USB drive is formatted to Ext4.
>
> I try to decrypt with:
>
> gpg --output my-backup.tar.gz --decrypt my-backup.tar.gz.gpg
>
> and get the following error:
>
> gpg: AES256 encrypted data
> gpg: encrypted with 1 passphrase
> gpg: block_filter 0x0000556d112aa1e0: read error (size=13328,a->size=13328)
> gpg: WARNING: encrypted message has been manipulated!
> gpg: block_filter: pending bytes!
>
> I have gpg version 2.2.19, libgcrypt 1.8.5. Without encryption this process has worked perfectly well many times.

I'd first check with something like

openssl sha256 my-backup.tar.gz

prior to copy / post copy if your thumb drive is good.

Dw.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Thank you - I will check.

Almost certainly the hash of my .gpg file will be different after it has
passed through the Thumb Drive.  However, no other files on the Thumb
Drive get corrupted.  So, my question will probably become how can I
protect my .gpg file when it is moved off my laptop onto other meda?

Chris.


On 29/10/2021 12:05, Dirk-Willem van Gulik wrote:
> On 29 Oct 2021, at 10:17, Chris Taylor <chris@christaylordeveloper.co.uk> wrote:
>> I am developing a backup process for personal files, on USB thumb drive. I tar and zip my files (30GB) then encrypt them with:
>>
>> gpg --no-symkey-cache --symmetric --cipher-algo AES256 my-backup.tar.gz
>>
>> I copy my-backup.tar.gz.gpg to my USB thumb drive. I am using Ubuntu so the USB drive is formatted to Ext4.
>>
>> I try to decrypt with:
>>
>> gpg --output my-backup.tar.gz --decrypt my-backup.tar.gz.gpg
>>
>> and get the following error:
>>
>> gpg: AES256 encrypted data
>> gpg: encrypted with 1 passphrase
>> gpg: block_filter 0x0000556d112aa1e0: read error (size=13328,a->size=13328)
>> gpg: WARNING: encrypted message has been manipulated!
>> gpg: block_filter: pending bytes!
>>
>> I have gpg version 2.2.19, libgcrypt 1.8.5. Without encryption this process has worked perfectly well many times.
> I'd first check with something like
>
> openssl sha256 my-backup.tar.gz
>
> prior to copy / post copy if your thumb drive is good.
>
> Dw.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On 10/29/21 07:30, Chris Taylor wrote:
> Thank you - I will check.
>
> Almost certainly the hash of my .gpg file will be different after it has
> passed through the Thumb Drive.  However, no other files on the Thumb
> Drive get corrupted.  So, my question will probably become how can I
> protect my .gpg file when it is moved off my laptop onto other meda?
>
> Chris.

If the hash is changing the file is getting corrupted, even if by only
one bit.

--
Shawn K. Quinn <skquinn@rushpost.com>
http://www.rantroulette.com
http://www.skqrecordquest.com

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

12021/07/21 01:78.66 ?????, Chris Taylor <chris@christaylordeveloper.co.uk> ??????:
> Hello Group,
>
> I am developing a backup process for personal files, on USB thumb
> drive.  I tar and zip my files (30GB) then encrypt them with:
>
> gpg --no-symkey-cache --symmetric --cipher-algo AES256 my-backup.tar.gz
>
> I copy my-backup.tar.gz.gpg to my USB thumb drive.  I am using Ubuntu so
> the USB drive is formatted to Ext4.
>
> I try to decrypt with:
>
> gpg --output my-backup.tar.gz --decrypt my-backup.tar.gz.gpg
>
> and get the following error:
>
> gpg: AES256 encrypted data
> gpg: encrypted with 1 passphrase
> gpg: block_filter 0x0000556d112aa1e0: read error (size=13328,a->size=13328)
> gpg: WARNING: encrypted message has been manipulated!
> gpg: block_filter: pending bytes!
>
> I have gpg version 2.2.19, libgcrypt 1.8.5.  Without encryption this
> process has worked perfectly well many times.
>
> Any advice greatly appreciated.
>
> Chris.

Do you get the same error if you try to decrypt it before moving the file? I tried with the exact same arguments with gpg 2.3.1, libgcrypt 1.9.4 and everything worked well (though I didn't try moving the files to another medium).

I also wonder if you're waiting until the file has been fully written (you can ensure this by running `sync` and waiting until it has returned) before trying to decrypt?

- Chiraag
--
?????? ??????
Pronouns: he/him/his

The hash of my gpg file on my laptop is different to it's hash on the
thumb drive.  For comparison, the hash of the tar.gz file (i.e. before
encryption) is the same before and after I copy it to the thumb drive.

Are there any techniques I should be using to protect my gpg file?

Chris Taylor


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

On Samstag, 30. Oktober 2021 14:24:58 CEST Chris Taylor wrote:
> The hash of my gpg file on my laptop is different to it's hash on the
> thumb drive.

If the hash of any file on your laptop differs from the hash of the same file
after copying it to the thumb drive this can only mean two things:

1. Either you made something wrong when you copied the file to the thumb
drive, e.g. you unplugged the thumb drive before the file was actually fully
written to the thumb drive.
Solution: Always make sure to "eject" the thumb drive before unplugging it.

2. Or your thumb drive has a hardware error. Or it is a forged thumb drive
which claims to be larger than it actually is. There are loads of forged thumb
drives sold on the Internet. Don't assume you are making a bargain when you
are offered a large thumb drive to an insanely low price.
Solution: Destroy the thumb drive physically (to make sure nobody can get
access to the data stored on it) and then throw it away.

> For comparison, the hash of the tar.gz file (i.e. before
> encryption) is the same before and after I copy it to the thumb drive.
>
> Are there any techniques I should be using to protect my gpg file?

Yes, but those "techniques" are not special for gpg files. They apply to any
files. The "techniques" are:
* Don't unplug the thumb drive before all data was fully written to it.
* Don't use thumb drives with hardware defects or with forged size.
* If you want to be really sure that a file was transferred correctly to the
thumb drive, then unplug the thumb drive, re-plug it and then compare the
hashes of the file.

Regards,
Ingo