6

I have a use case where I want to commit symmetrically encrypted source code using GnuPG (think of Coursera assignments for backup and collaboration). I encrypt/decrypt all sources in a batch with a script and was wondering, why the output is not stable.

So basically, why does

echo "plain text" | gpg --armor --symmetric --cipher-algo AES256

with password secret yield different cipher texts with each call? (Surely enough, this doesn't affect the decryption – different cipher texts may decrypt back to the same plain text.) I am not experienced with crypto algorithms, but skimming the Wikipedia article it seems the algorithm is deterministic.

So in short, my questions are:

  1. Is this behaviour a property of AES or am I using GnuPG incorrectly?
  2. If the former is the case, are there other symmetric crypto algorithms which are better suited for this use case?
rdanitz
  • 61
  • 4

3 Answers3

9

Usually, symmetric encryption starts with a random initialization vector (IV). OpenPGP uses a slightly different cypher feedback mode with an all-zero IV, but the first two blocks are random.

Because of this, also the symmetric encryption is not deterministic; you cannot compare the plain text by comparing the encrypted message, the encrypted result is not deterministic any more.

Community
  • 1
Jens Erat
  • 23,816
  • 12
  • 75
  • 96
5

In addition to the encryption initialization vector (IV), the symmetric key derivation uses a random salt to protect against offline dictionary or rainbow table attacks. Specifically, the Iterated and Salted S2K (String-to-Key) packet contains an 8-byte salt.

Community
  • 1
frasertweedale
  • 171
  • 6
3

Approaching your second question, rather than using a different crypto algorithm, you can replace gpg in symmetric mode with openssl:

echo "plain text" | openssl enc -aes-128-cbc -nosalt -pass pass:secret

Beware:

  • For sample purposes, I am providing the passphrase in the command line. See PASS PHRASE ARGUMENTS in openssl(1) for better ways of providing it.

  • As we are explicitely disabling the salt, you should a stronger passphrase that is not reused, I would use a long randomly generated passphrase that changes for each assignment,

Ángel
  • 18,188
  • 3
  • 26
  • 63