Re: GPG Question on Symmetric Key Input

On May 26, 9:40 am, Tom St Denis <t...@xxxxxxx> wrote:
On May 26, 9:32 am, Globemaker <alanfolms...@xxxxxxxxxxxx> wrote:

Thank you Jeffrey.  I also concluded that it is not allowed to input a
symmetric key into GPG. I tried it last year and this year my searches
showed that other people also could not control the key bits. OpenSSL
does provide this capability.

In sci.crypt it is appropriate to discuss THE REASON for designing GPG
with that "feature" which is not mentioned in the documentation.  One
can speculate several altruistic or sinister REASONS that the key is
untouchable. Here is a list:

1 Requiring a password to generate a key helps the goon squads to
guess the key.
2 Keys are too important to let stupid people mishandle them.
3 Symmetric keys are more powerful than asymmetric and goons are
preventing cascading encipherments.
4 It's for the children, the happy ones, to be insulated from tedious
operations, to use short passwords that are easy to remember and easy
to write on little papers to stick on the monitor.
5 Export permission from Commerce for GPG is easy to get if the Gnu
staff compromises on security.

6.  It's not useful to allow the user to specify a key.

I see nowhere in your discussion you mentioning a desire to also input
the IV.  That's probably because you don't have a clue about
cryptography, like most users of GPG which is why such things are
handled [properly] internally.


7 Τηε Βυση-Οβαμα ωαρ cριμιναλ τεαμ ηοπεσ το πρεψεντ Ιραθι Πατριοτσ
φρομ ηαψινγ στρονγ cρξπτο βεινγ δελιψερεδ το τηεμ ον α σιλψερ πλαττερ.