[Gpg4win-users-en] How to do symmetric encryption in GPG4win through the GUI?
Frank Siebenlist
frank.siebenlist at 23andme.com
Tue Aug 16 20:26:24 CEST 2016
We’ve been trying to test the symmetric key encryption in file system explorer with "gpg4win-3.0.0-beta181.exe” on windows 10,
but it seems to hang after entering the password.
(deselected Sign as, Encrypt for me, Encrypt for others - only selected Encrypt with password)
I do not want to spend too much time debugging and this may not be the right mailing list, but some trivial issues could be windows 10 support?
Thanks, Frank.
"Security at the expense of usability comes at the expense of security.” — Avi Douglen
> On Aug 16, 2016, at 9:01 AM, Frank Siebenlist <frank.siebenlist at 23andme.com> wrote:
>
> Hi Andre,
>
> Thanks very much for the quick and detailed response!
>
> I’ve added replies in-line.
>
>
>> On Aug 15, 2016, at 11:53 PM, Andre Heinecke <aheinecke at intevation.de> wrote:
>>
>> Hi,
>>
>> On Monday 15 August 2016 16:34:11 Frank Siebenlist wrote:
>>> We’re trying to exchange encrypted files between Macs and PCs, using
>>> MacGPG/GPGTools and Gpg4Win.
>>>
>>> Encryption is through symmetric encryption with a passphrase.
>>> (please refrain from telling me to use public key encryption ;-) )
>>
>> Could you roughly outline what your use case for this is?
>> We had a bit of a discussion if / how we should add symmetric encryption to
>> the UI and what the use cases for that could be.
>
>
> We’re a personal genetics company and share encrypted PII/PHI/anonymized phenotype/genotype data with our research partners.
> For the encryption, we (mostly) use PGP/GPG.
>
> The use of full-fledged PGP with public key certificates has been and remains a challenge for the non-security savvy researchers and even IT/Ops folks.
> (only a few month ago we were sent data encrypted with a partner’s public key accompanied by the associated private key in the clear… those were engineers with a CS degree…)
>
> When we have a simple collaboration, we try to establish a single symmetric key shared between the parties, and use that to encrypt/decrypt the shared files.
> It seems that the concept of a single shared secret is easier to comprehend by our users than public keys with certificates with trust levels with key servers with…
> For one-on-one collaborations the shared symmetric keys seem manageable by our users without much hand-holding.
>
> The integration with the Mac’s file manager (Finder) for symmetric encryption is fairly easy and intuitive, and our users have no issues with it.
> We now have a research partner that uses PCs, and I was hoping that a similar solution would exist… which brought me here ;-)
> I really would prefer to stay with the GPG code base if we can.
>
> We use secret managers (1PasswordTeams) to generate and manage the passphrases/shared-secrets.
>
> Hopefully that explains our use cases and requirements.
>
>
>>
>>> On the Mac we have the option to symmetrically encrypt/decrypt through the
>>> GUI, but on the PC, reading the docs, I cannot find that option in the GUI
>>> of Gpg4Win. (unfortunately, I have only access to a Mac but have to support
>>> PC users remotely…)
>>
>> The bad news is that currently Gpg4win-Stable does not have the option.
>>
>> The Good news is that our next major upgrade (3.0) will have that option:
>>
>> http://files.intevation.de/users/aheinecke/sigencfiles-new.png
>>
>> This is how the new Sign / Encrypt Files dialog looks like and there the
>> "Encrypt with password" checkbox enables symmetric encryption. If you disable
>> sign and "Encrypt for me" this results in Symmetric only encryption.
>>
>> The eta of that version is still a bit in the future (end of year) and
>> especially that dialog is likely to see some more changes regarding layout and
>> behavior.
>>
>> You can obtain the latest beta installers of gpg4win-3.0 from:
>>
>> https://wiki.gnupg.org/Gpg4win/Testversions
>
>
> I’ll check out the beta version. The screen shot shows a dialog similar to the Mac. Looks good!
>
> If it is “stable" in the sense of not crashing and doing what it supposed to do… I will probably expose our users to it - unless you recommend otherwise (?).
> (not so worried about changes in the dialog lay-out and such)
>
>
>>> The following thread from 2012:
>>> http://marc.info/?l=gpg4win-users-en&m=133614296410301
>>> seems to hint that you can only do that through the command line and not
>>> through the file-explorer integration.
>>>
>>> Is that still the case?
>>
>> For gpg4win-2.3.2 this is still the case. You could work around that if you
>> write a batch file that sets up the command line call and then configure windows
>> to associate .gpg files to be opened with that batch file as the passphrase
>> entry will be GUI.
>
>
> Understood.
> Unfortunately that only solves the decryption of files through the file manager and the encryption would have to be done through the CLI still - right?
>
>
> Regards, Frank.
>
> "The user's going to pick dancing pigs over security every time.” — Bruce Schneier
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20160816/4aba42c6/attachment.sig>
More information about the Gpg4win-users-en
mailing list