GPG encryption guide part 4 (symmetric encryption)


This GPG guide covers how to use the gpg command for simple yet strong symmetric encryption using various different block cipher algorithms.

Reading time:
5 min

No hassle encryption

Another type of cryptographic solution provided by Gnu Privacy Guard (GPG) is symmetric-key encryption, also known as block cipher based encryption.

The ciphers used for symmetric-key encryption use the same key for both the encryption and decryption stages.

This key is also called a shared secret.

The reason the ciphers are called block ciphers is because the data to be encrypted is encrypted in chunks or blocks.

If you just want to encrypt some files or data and don't want to set up a key pair (required for asymmetric encryption and digital signatures), then symmetric-key based cryptography is your answer.

Below, we'll cover several of the available ciphers including: AES256, TWOFISH, and CAMELLIA256.

To see a list of available ciphers, run

gpg --version

the part your looking for uses the word "Cypher" rather than "cipher" (both are valid English, cipher is the American spelling).

You'll see something like this:

        CAMELLIA192, CAMELLIA256

Each time you use a symmetric cipher to encrypt data, you'll be asked to supply a passphrase (twice to confirm it).

This passphrase is used to help generate a key which is then used with the chosen algorithm to encrypt the data.

It goes without saying (but we'll say it anyway) that you should use a strong passphrase and don't forget what you chose!.

When you get around to decrypting the data, you'll be prompted for that passphrase.

Note that to tell the gpg command that you want to use symmetric-key encryption, use the --symmetric (or -c) option.

We'll be using --symmetric in each of the examples below.

AES256 cipher

If you're not sure which cipher to use, AES is the safe choice as it's recommended by the US Government and the most commonly used (note that this does not necessarily mean it is the strongest and fastest in all cases).

AES has a block size of 128bits.

The 256 in the name is in relation to the key size of AES256, which is of course 256bits (32 bytes).

To encrypt data using 256 bit AES, use the --cipher-algo AES256 option. For example to encrypt a file called file.txt using this cipher, use:

/bash gpg --symmetric --cipher-algo AES256 file.txt

This will produce file.txt.gpg containing the encrypted data.

You can call the resulting file whatever you like by using the -o (or --output) option.

gpg -o filename --symmetric --cipher-algo AES256 file.txt

To decrypt file.txt.gpg or whatever you called it, run:

gpg -o original_file.txt -d file.txt.gpg

Twofish cipher

Twofish has a block size of 128bits. In gpg, if TWOFISH is used as the algorithm, it uses a key size of 256bits (32 bytes)

To encrypt using the Twofish cipher (which is considered strong), use the following command:

gpg --symmetric --cipher-algo TWOFISH file.txt

To decrypt, use the command:

gpg -d file.txt.gpg

CAMELLIA256 cipher

CAMELLIA also has a block size of 128bits and if you use CAMELLIA256 as your cipher algorithm, you'll be using a key size of 256bits (32 bytes). To encrypt using this cipher, use the command:

gpg --symmetric --cipher-algo CAMELLIA256 file.txt

To decrypt, use:

gpg -d file.txt.gpg

CAST5 - The default GPG cipher

If you don't specify what algorithm to use then CAST5 will be used by default. CAST5 has a block size of 64 bits. This is a decent cipher which is considered safe to use by some, for example the Canadian government.

However, many top cryptographers such as Bruce Schneier would recommend that its better to use a cipher with a bigger block size than 64 bits.

So, if you wish to choose an even better algorithm such as Twofish or AES256 which both have a block size of 128bits, you can configure the default by editing ~/.gnupg/gpg.conf and adding a line like the one below, replacing "NAME" with the appropriate algorithm name from the above "Cypher" list:

cipher-algo NAME

so to make AES256 your default, you would add the below line to ~/.gnupg/gpg.conf

cipher-algo AES256

If you stick with CAST5 or any cipher with a block size less than or equal to 64bits (3DES is another example of a 64bit block size), you should also use the --force-mdc option. This forces "the use of encryption with a modification detection code". Without the use of an mdc, "the encrypted message becomes vulnerable to a message modification attack" according to the gpg man page.

So just to be clear: for ciphers with block size 64bits or less, you will get the following warning when decrypting unless you use the --force-mdc option:

gpg: WARNING: message was not integrity protected

You could add force-mdc to your ~/.gnupg/gpg.conf so you don't have to specify --force-mdc on the command line each time (--force-mdc behaviour is already being done for ciphers with larger block sizes, so it will just be ignored if used with them). Assuming you've not touched your defaults in ~/.gnupg/gpg.conf, to encrypt a file called file.txt using the CAST5 cipher you'll just need to use:

gpg --symmetric --force-mdc file.txt

This will produce file.txt.gpg containing the encrypted data. As usual, you can call the resulting file whatever you like by using the -o (or --output) option.

So to call it file.enc, you'd use:

gpg -o file.enc --symmetric --force-mdc file.txt

Then to decrypt it you just need to use the -d option along with whatever your encrypted file is called (for example file.txt.gpg).

gpg -o original_file.txt -d file.txt.gpg

Note that if you don't use -o to output to file, the decrypted data gets sent to standard out, which unless you redirect it to a file or pipe it to another program, will end up being displayed on your screen.

User friendly data format

If you need to copy and past your encrypted data (for example into an email), then use the --armor option.

This will produce ASCII armored text (base64 encoded) which is very portable. Taking AES256 as an example, you would simply use it like this:

gpg --armor --symmetric --cipher-algo AES256 file.txt
`By default, this will produce file.txt.asc as the encrypted ascii armored file. You would then decrypt normally using something like:`
gpg -o file.txt -d file.txt.asc

Digitally signing symmetrically encrypted data

If you have set up a public/private key pair, you can use your private key to sign the data before symmetrically encrypting it.

For information about how to create your own public/private key pair, see GPG Encryption Guide - Part 1.

To learn more about digital signatures, see GPG Encryption Guide - Part 3.

For example, to sign and symmetrically encrypt file.txt using AES256, use the --sign option like this:

gpg --sign --symmetric --cipher-algo AES256 file.txt
`Then to verify the signature and decrypt, you would use:`
gpg -d file.txt.gpg

(The -d option will automatically try to verify any signature and also decrypt).

Thanks to everyone who worked on GNU Privacy Guard (the GNU Projects implementation of the OpenPGP standard)

Thank you for reading this article.
Please share if you liked it.