-1

As far as I understand what defines an AES is you use the same private key for encrypting and decrypting.

Do all GPG, PBKDF2 and SHA256 lay under this category?

PBKDF2 I know for a fact it is, but what is the differences between them?

thanks

RollRoll
  • 183
  • 1
  • 1
  • 7
  • Are you talking about [AES, which is a specific encryption algorithm](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) or about [symmetric-key algorithms](https://en.wikipedia.org/wiki/Symmetric-key_algorithm)? – A. Darwin Aug 08 '16 at 16:27
  • I get the impression OP thinks AES is a generic term for all symmetric encryption instead of one specific family of algorithms that implement it. It's not generic that way. – infixed Aug 08 '16 at 17:06

3 Answers3

3

AES is a symmetric encryption algorithm. This uses a secret key, to encrypt and decrypt information.

GPG is the open source implementation of the PGP protocol. This is used to do assymmetric encryption. Everyone has your public key and only you have your private key. Information encrypted with the public key is for your eyes only. Only you with your private key can decrypt the information.

SHA is a hashing algorithm. It is a one way function to generate a kind of fingerprint from information.

PBKDF is "password based key derivation function". This is a one way function that creates symmetric key from a password you know. This can be used to generate the key for AES.

This is only a short overview. For more information you should maybe start with wikipedia...

cornelinux
  • 1,993
  • 8
  • 11
1

As far as I understand what defines an AES is you use the same private key for encrypting and decrypting.

No. Encryption algorithms using the same, private key for encrypting and decrypting are symmetric-key algorithms. AES is an example of this, but there are many other algorithms belonging to this category, such as RC4, DES, etc.

As for the differences between GPG, PBKDF2, and SHA-256, I agree with the previous answers.

A. Darwin
  • 3,562
  • 2
  • 15
  • 26
0

GPG is a general tool that implements many cryptographic protocols. In particular, it can do AES crypto with, e.g.

gpg --symmetric --cipher-algo AES256
gpg --decrypt

SHA265 is a (secure) hash algorithm. Given an input, create a random-looking output, called the hash value. SHA alone cannot be used for encryption, because there is no (known) way to decrypt: you cannot get back the input from the hash value.

PBKDF is a key derivation function, whose primary purpose is to make it harder (time-wise) to try out many passwords. E.g., if trying out a single password takes 0.1s or 0.1ms, there is little difference to the user (who knows the password), but it might make the job of the attacker 1000 times harder.

Things like PBKDF and SHA might go on under the hood during AES crypto. If you only need to encrypt/decrypt something, you should use a reputable tool, such as GPG, and trust its defaults. If you want to tweak these defaults, you should really invest some time in first understanding all these terms, which isn't automatically a good use of your time. Also, use a good password.

Matei David
  • 371
  • 3
  • 7