4

I want to encrypt a tar archive and optionally a block file system (akin to DMG image). Does anyone know the pros vs cons of encrypting each with OpenSSL vs GPG?

I ask because some have stated that the OpenSSL command line is malleable and prone to attack. Therefore GPG was recommended. I'm still unclear on the reasons why. I'm also confused because GPG is asymmetric, and the requirement for this is unclear when encrypting a file that only one person needs to decrypt.

Your insight and/or pointers appreciated.

Nick


1 Answer

2

If you're just encrypting it for yourself, then I don't think there's any advantage to one or the other. In either case you have a secret key you need to protect.

If you're encrypting to send to someone else then I believe PGP is preferable because you never have to share the secret key needed to decrypt the data with the other person, though the other person's public key does need to be shared. Please understand that PGP is hybrid encryption, using both RSA and symmetric encryption (I would suggest you use AES).

Swashbuckler
  • Thanks, do you have an example of "If you're encrypting to send to someone else then I believe PGP is preferable because you never have to share the secret key needed to decrypt the data with the other person, though the other person's public key does need to be shared."? – Nick Nov 02 '18 at 19:16
  • OpenSSL (typically) is just symmetric encryption. With symmetric encryption both the encrypter and decrypter need that secret key to perform their respective operations. With PGP the encrypter only needs the decrypter's public key, which is not a secret. The decrypter does have a private key, which is secret. The public and private keys are related to one another and must be generated at the same time. – Swashbuckler Nov 03 '18 at 13:38
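
The hybrid scheme described in the answer and comments, spelled out with OpenSSL primitives as an added example (not part of the original posts): a random session key encrypts the file with AES, and only that session key is encrypted with the recipient's RSA public key. Function names and file names are assumptions made for this illustration. `openssl enc` adds no integrity check to the ciphertext, so this shows the key handling only; `gpg --encrypt --recipient` performs the equivalent steps in one command and adds an integrity check.

```shell
#!/bin/sh
# Added illustration of hybrid encryption. All names here are hypothetical.

# Recipient, once: create a key pair. Only pub.pem is ever handed out.
make_keypair() {   # $1 = directory that receives priv.pem and pub.pem
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$1/priv.pem" 2>/dev/null &&
  openssl pkey -in "$1/priv.pem" -pubout -out "$1/pub.pem"
}

# Sender: needs the recipient's PUBLIC key and nothing secret from them.
hybrid_encrypt() {   # $1 = pub.pem, $2 = plaintext file, $3 = output prefix
  local sk rc
  sk=$(mktemp) || return 1          # holds the one-time session key
  if openssl rand -hex 32 > "$sk" &&
     # 1. bulk data: symmetric AES under the random session key
     openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$sk" \
         -in "$2" -out "$3.data" &&
     # 2. session key: RSA-OAEP under the recipient's public key
     openssl pkeyutl -encrypt -pubin -inkey "$1" \
         -pkeyopt rsa_padding_mode:oaep -in "$sk" -out "$3.key"
  then rc=0; else rc=1; fi
  rm -f "$sk"                       # the sender keeps no copy of the key
  return $rc
}

# Recipient: the private key unwraps the session key, which decrypts the data.
hybrid_decrypt() {   # $1 = priv.pem, $2 = input prefix, $3 = output file
  local sk rc
  sk=$(mktemp) || return 1
  if openssl pkeyutl -decrypt -inkey "$1" \
         -pkeyopt rsa_padding_mode:oaep -in "$2.key" -out "$sk" 2>/dev/null &&
     openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$sk" \
         -in "$2.data" -out "$3"
  then rc=0; else rc=1; fi
  rm -f "$sk"
  return $rc
}

# Usage sketch (paths are placeholders):
#   make_keypair ./keys
#   hybrid_encrypt ./keys/pub.pem backup.tar backup   # -> backup.data, backup.key
#   hybrid_decrypt ./keys/priv.pem backup restored.tar
```

For the single-user case in the question, the symmetric step alone is enough, which is what `gpg --symmetric` or `openssl enc` with a passphrase does.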