Difference between OpenPGP symmetric encryption and AES-256?

Question

I would like to understand the difference between: OpenPGP symmetric encryption and AES-256 using Winzip/7-zip?

I mean if you encrypt a file with an OpenPGP program like GnuPG, using AES-256 symmetric encryption. And do the same with Winzip/7-zip using AES-256. What is the difference?

[I am not asking about the asymmetric encryption in OpenPGP with public-private keys]

Thanks.

Answer 1

OpenPGP is a standard defining a message format. That message format is fairly complex, but in short, it contains:

• Which algorithm it's using, if any
• Any required parameters for that algorithm (e.g. nonces)
• The (encrypted) message body
• Some other metadata which isn't relevant here

OpenPGP is, notably, not an encryption algorithm. It can use encryption (and that's its whole raison d'être, so it normally does) but the algorithm it uses is variable.

AES-256, on the other hand, is a specific algorithm. It takes as input a secret key and a message, and it encrypts that key with that message.

AES-256 is one of the many encryption algorithms that the OpenPGP standard supports.

Encrypting something with AES-256 and the same key with OpenPGP is going to lead to the same ciphertext (encrypted text) as using any other software. However, there are two things to note:

1. Bad implementations of AES do exist, and can be exploited, depending on context. Bad usages also exist; for example, the AES mode can be any number of things -- ECB, CBC, GCM -- and picking the wrong one could break your security.
2. Because they're in different formats, the files produced by telling 7zip to encrypt a zipfile versus telling OpenPGP to encrypt a message will likely be different. However, this has nothing to do with their implementation of AES-256; as long as it's not broken, it'll still produce the same ciphertext. It's just represented differently.