Mailing List Archive

GPGME question about ciphertext and plaintext sizes
Hello all,
I'm currently working on a userspace block device driver. I want to add
encryption to it, and that's how I came across GPGME.

My question is: is there a way to encrypt a plaintext and get a ciphertext
of **exactly** the same size? Is there any way to have FPE (Format
Preserving Encryption) via GPGME?


From my research so far, there doesn't seem to be one. Even symmetric
algorithms add metadata to the ciphertext, so the size is always bigger
than the corresponding plaintext.

All suggestions are welcome!

Thanks.
Re: GPGME question about ciphertext and plaintext sizes
On Tue, 9 May 2023 17:48, Dim Xr said:

> same size? Is there any way to have FPE (Format Preserving Encryption) via
> GPGME?

No. GPGME uses the OpenPGP and S/MIME protocols (gpg and gpgsm) and is
not suitable for your task. You need to use a low level crypto library
for that (e.g. Libgcrypt) and decide which algorithm, mode and
additional information you use. For example it is possible to create an
IV or nonce from the block number but there are many security pitfalls.
You may want to read some papers about crypto file systems and look at
implementations for Linux and *BSD.

In GnuPG we have a disk encryption tool (g13), but that only takes care
of encrypting the actual symmetric encryption key. Everything else is
left to dmcrypt.


Shalom-Salam,

Werner


--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein
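
One pitfall of deriving the nonce from the block number, shown as an added example (not code from this thread or from GnuPG): a stream-style cipher keeps the ciphertext exactly sector-sized, but rewriting a sector reuses the same keystream, and a same-size sector has no room for an integrity tag. The keystream is a stand-in built from HMAC-SHA256 in counter mode with the Python standard library, not an AES mode from Libgcrypt or OpenSSL; the 512-byte sector size, the key and all function names are assumptions of the example.

```python
import hashlib
import hmac

SECTOR_SIZE = 512  # bytes per sector (assumed for this example)

def keystream(key: bytes, sector: int, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; the nonce is only the sector number."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = sector.to_bytes(8, "little") + counter.to_bytes(4, "little")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_sector(key: bytes, sector: int, plaintext: bytes) -> bytes:
    """Length-preserving: the output is exactly as long as the input."""
    if len(plaintext) != SECTOR_SIZE:
        raise ValueError("expected one full sector")
    return xor(plaintext, keystream(key, sector, SECTOR_SIZE))

decrypt_sector = encrypt_sector  # XOR stream: same operation both ways

def overwrite_leak(key: bytes, sector: int, old: bytes, new: bytes) -> bytes:
    """XOR of two ciphertext snapshots of one sector. The keystream
    cancels, so the result equals old XOR new without using the key."""
    return xor(encrypt_sector(key, sector, old),
               encrypt_sector(key, sector, new))

def tamper(ciphertext: bytes, offset: int, mask: int) -> bytes:
    """With no authentication tag, flipping a ciphertext bit flips the
    same plaintext bit and decryption reports nothing."""
    buf = bytearray(ciphertext)
    buf[offset] ^= mask
    return bytes(buf)

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    old = b"A" * SECTOR_SIZE                 # constructed sample data
    new = b"A" * 500 + b"secret-v2!!!"       # same sector, rewritten
    leak = overwrite_leak(key, 7, old, new)
    print("ciphertext size:", len(encrypt_sector(key, 7, old)))
    print("bytes that changed are visible:", leak[500:] != bytes(12))
```
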
Re: GPGME question about ciphertext and plaintext sizes
Thank you Werner.

> You need to use a low level crypto library
> for that (e.g. Libgcrypt) and decide which algorithm, mode and
> additional information you use.

OK, I'll check it out. Searching the mailing list responses, I
came across Libgcrypt again, but I've read that it is quite a
low-level library, so you have to be some kind of guru to use it. :-)
I'm far from a security expert, that's why I needed a
higher-level solution for this. But I'll definitely give it a shot.

Do you know if OpenSSL is suitable for this task?

Dim.
Re: GPGME question about ciphertext and plaintext sizes
On Wed, 10 May 2023 14:43, Dim Xr said:

> I'm far from a security expert, that's why I needed a more
> higher level solution for this. But definitely I'll give it a shot.

Use DMCrypt under Linux or Veracrypt etc. Disk encryption is a
complicated matter and you definitely should have some experience in
this area.

> Do you know if OpenSSL is suitable for this task?

The same as Libgcrypt is.


Shalom-Salam,

Werner
