0

I've recently been playing around with GnuPG using a yubikey, and its very nice but I have some concerns I like to ask about.

PGP seems geard toward emails and short lived messages. Is the OpenPGP standard stable enough such that if i encrypt a file using GnuPG i will still be able to decrypt it 5 to 10 years from now?

I'm not asking about the long term strength of whatever crypto algorithm i choose to use with PGP but the stability of the standard and backward compatability.

In short, is PGP suitable for long term encrypted file storage? or is this bad practice?

Second, PGP seems bloated and alot of metadata is added into the files. Is there a way to use the raw ciphers such as say AES/RSA like you would if you did the encryption/signing in say PyCrypto

Since someone will mention it, I know and use VeraCrypt which would also be an option. But i like the simplicity of PGP for my particuler usecase.

Improve this question
2
  • If you think it's a bloated format don't use it? Currently you haven't included any information about how you do your thing so nobody is going to be able to tell you if you do something that adds extra metadata that could be avoided. As it has been around for a while its probably stable. If you include details about your particular usecase maybe someone could present an even easier alternative.
    – Seth
    Commented Feb 1, 2018 at 11:00
  • What is the metadata that you say is added to an encrypted pgp/gpg file? Looks like just the public salt, and the secret key (ID only?) needed to decrypt and that can be avoided by not using one (with -c).
    – Xen2050
    Commented Mar 10, 2018 at 4:58

1 Answer 1

Reset to default
0

PGP has been around for 27-odd years (since 1991), it's been extensively tested (including by governments trying to break it) and still works, good. You can't predict the future, but it's a safe bet it'll be around for another 5 or 10 years at least. It looks like a good practice.

Secure encryption isn't really a good DIY project. You could find the encryption ciphers yourself and attempt to use them directly, but there are tons of not very obvious mistakes that can drastically reduce security (like finding a good random number & key for one). Even OpenSSL's enc looks like it doesn't do a very good job (MD5 hash with iteration count fixed at 1).

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .