[Gpg4win-users-en] How to do symmetric encryption in GPG4win through the GUI?

Frank Siebenlist frank.siebenlist at 23andme.com
Tue Aug 16 18:01:19 CEST 2016


Hi Andre,

Thanks very much for the quick and detailed response!

I’ve added replies in-line.


> On Aug 15, 2016, at 11:53 PM, Andre Heinecke <aheinecke at intevation.de> wrote:
> 
> Hi,
> 
> On Monday 15 August 2016 16:34:11 Frank Siebenlist wrote:
>> We’re trying to exchange encrypted files between Macs and PCs, using
>> MacGPG/GPGTools and Gpg4Win.
>> 
>> Encryption is through symmetric encryption with a passphrase.
>> (please refrain from telling me to use public key encryption ;-) )
> 
> Could you roughly outline what your use case for this is?
> We had a bit of a discussion if / how we should add symmetric encryption to
> the UI and what the use cases for that could be.


We’re a personal genetics company and share encrypted PII/PHI/anonymized phenotype/genotype data with our research partners.
For the encryption, we (mostly) use PGP/GPG.

The use of full-fledged PGP with public key certificates has been and remains a challenge for the non-security savvy researchers and even IT/Ops folks.
(only a few months ago we were sent data encrypted with a partner’s public key accompanied by the associated private key in the clear… those were engineers with a CS degree…)

When we have a simple collaboration, we try to establish a single symmetric key shared between the parties, and use that to encrypt/decrypt the shared files.
It seems that the concept of a single shared secret is easier to comprehend by our users than public keys with certificates with trust levels with key servers with…
For one-on-one collaborations the shared symmetric keys seem manageable by our users without much hand-holding.

The integration with the Mac’s file manager (Finder) for symmetric encryption is fairly easy and intuitive, and our users have no issues with it.
We now have a research partner that uses PCs, and I was hoping that a similar solution would exist… which brought me here ;-)
I really would prefer to stay with the GPG code base if we can.

We use secret managers (1PasswordTeams) to generate and manage the passphrases/shared-secrets.

Hopefully that explains our use cases and requirements.


> 
>> On the Mac we have the option to symmetrically encrypt/decrypt through the
>> GUI, but on the PC, reading the docs, I cannot find that option in the GUI
>> of Gpg4Win. (unfortunately, I have only access to a Mac but have to support
>> PC users remotely…)
> 
> The bad news is that currently Gpg4win-Stable does not have the option.
> 
> The good news is that our next major upgrade (3.0) will have that option:
> 
> http://files.intevation.de/users/aheinecke/sigencfiles-new.png
> 
> This is what the new Sign / Encrypt Files dialog looks like and there the
> "Encrypt with password" checkbox enables symmetric encryption. If you disable
> sign and "Encrypt for me" this results in Symmetric only encryption.
> 
> The ETA of that version is still a bit in the future (end of year) and
> especially that dialog is likely to see some more changes regarding layout and
> behavior.
> 
> You can obtain the latest beta installers of gpg4win-3.0 from:
> 
> https://wiki.gnupg.org/Gpg4win/Testversions


I’ll check out the beta version. The screen shot shows a dialog similar to the Mac. Looks good!

If it is “stable” in the sense of not crashing and doing what it’s supposed to do… I will probably expose our users to it - unless you recommend otherwise (?).
(not so worried about changes in the dialog lay-out and such)


>> The following thread from 2012:
>> http://marc.info/?l=gpg4win-users-en&m=133614296410301
>> seems to hint that you can only do that through the command line and not
>> through the file-explorer integration.
>> 
>> Is that still the case?
> 
> For gpg4win-2.3.2 this is still the case. You could work around that if you
> write a batch file that sets up the command line call and then configure Windows
> to associate .gpg files to be opened with that batch file as the passphrase
> entry will be GUI.


Understood.
Unfortunately that only solves the decryption of files through the file manager and the encryption would have to be done through the CLI still - right?


Regards, Frank.

“The user's going to pick dancing pigs over security every time.”  — Bruce Schneier

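The batch-file workaround mentioned in the thread, sketched as an added example (not code from either poster or from the Gpg4win project). It assumes `gpg.exe` from the Gpg4win installation is on `PATH`; the script name `gpg-sym.bat`, the AES256 cipher choice and the refuse-to-overwrite behaviour are assumptions made for this illustration.

```bat
@echo off
rem gpg-sym.bat (hypothetical name): passphrase-only encryption/decryption.
rem Takes one file as its first argument, which is what Windows passes when
rem a file type is associated with the script.
rem   FILE.gpg   -> decrypted to FILE in the same folder
rem   any other  -> symmetrically encrypted to FILE.gpg
rem The passphrase is never put on the command line; gpg prompts for it.
setlocal
if "%~1"=="" goto usage
if not exist "%~1" goto usage
if /i "%~x1"==".gpg" goto decrypt

rem Encrypt: --symmetric uses a passphrase only, no public keys involved.
set "OUT=%~1.gpg"
if exist "%OUT%" goto exists
gpg --output "%OUT%" --symmetric --cipher-algo AES256 "%~1"
goto check

:decrypt
rem %~dpn1 is drive + path + file name with the trailing .gpg removed.
set "OUT=%~dpn1"
if exist "%OUT%" goto exists
gpg --output "%OUT%" --decrypt "%~1"
goto check

:check
rem gpg exits non-zero on a wrong passphrase or a damaged file.
if errorlevel 1 goto failed
echo Wrote "%OUT%"
exit /b 0

:exists
echo Refusing to overwrite "%OUT%"
pause
exit /b 1

:failed
echo gpg reported an error; do not rely on "%OUT%"
pause
exit /b 1

:usage
echo Usage: %~nx0 FILE
exit /b 2
```

Both parties need the same passphrase from the shared secret manager; the script stores nothing and keeps the plaintext input file in place after encryption.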