I have a couple of questions on the security of gpg/gpg2 using symmetric encryption. They are (I imagine) very basic, so apologies if they are documented somewhere. The thing is, I don't know what to search for to find the answers.
Using gpg2 in the following way:
gpg2 -c file.txt
only encrypts the file using the default cipher (CAST5) using the key I supply on
stdin
only, and has nothing whatsoever to do with my RSA/SHA keys for my user, i.e. decrypting the file using gpg2 on any other machine with any other user would be absolutely fine? (I imagine getting it to sign the file goes into the nitty-gritty of this, but I have no interest in that.)- The man page says that using the
--cipher-algo
argument violates the OpenPGP standard; why? What's wrong with me setting it to a different cipher? - I have this (probably pathetic) feeling that AES256 is the way to go for maximum security; are there any significant differences, or things I should be aware of, in the security between it and CAST5?
- Why sign files?
Any help would be much appreciated!