gpg is a piece of junk

submitted by trident765 from (self.programming)

I want to encrypt some personal files so that if someone gets ahold of my laptop, at least they can't access these files. The tool that is supposed to do this is software called gpg.

I type "gpg -c filename" and it creates an encrypted version of the file called filename.gpg - so far so good.

But then to decrypt the file, I type "gpg -d filename.gpg", and it decrypts the file WITHOUT prompting me for a password. After looking into this, I found that the default behavior of gpg is that after you encrypt a file, it automatically stores the password in some location on your computer so that you don't have to type it again when you want to decrypt. WHAT STUPID ASSHOLE THOUGHT TO MAKE THIS THE DEFAULT BEHAVIOR.

I found methods that purport to turn off this behavior, for example the ones listed here:

https://unix.stackexchange.com/questions/193588/how-can-i-tell-gpg-that-i-do-not-want-password-caching-for-a-specific-program/193595

But every time I try out one of these methods, it doesn't work. Presumably because the developers keep changing how to turn it off.

There should just be a simple way of encrypting a file, where you give it a password, and it encrypts it, and you have the peace of mind of knowing that no one without the password can open it. There shouldn't be this crap that you have to turn off in order for it to work. And even if I fix this particular crap, how can I have the peace of mind of knowing that there is no other stupid crap that I didn't catch?

all 10 comments
sorted by:
top
newinsightfulfun

[–]package 5 insightful - 2 fun5 insightful - 1 fun6 insightful - 2 fun -  (0 children)

Spoiler many “sensible defaults” of common FOSS in many distributions are set up in ways that silently leak data or introduce other security issues, despite the maintainers acknowledging these issues and often even going so far as list proper defaults in their wikis or install guides.

[–]jaekwon 5 insightful - 1 fun5 insightful - 0 fun6 insightful - 1 fun -  (0 children)

Hey, agree with you; basically had the same thoughts. If you (or anyone) adds this functionality well in the simplest of terms in a PR of github.com/gnolang/gno/pkgs/crypto/keys/client, would be helpful.

[–][deleted] 4 insightful - 1 fun4 insightful - 0 fun5 insightful - 1 fun -  (0 children)

Wow. POS indeed.

[–]SoCo 2 insightful - 1 fun2 insightful - 0 fun3 insightful - 1 fun -  (0 children)

PGP mostly just comes with too many bells and whistles by default. The whole project's security is weakened by trying to be everything possible for everyone, IMO.

I always think of public/private key crypto as being for sharing stuff between multiple parties, rather than just password protection. Maybe a cipher would be better, depending on the details of what you are doing. Otherwise, you could be brave and give libsodium based PCP a try (Pretty Curved Privacy). It works like PGP, just without all the bells and whistles. Instead of unlocking a key cert with the passpharse like PGP, PCP uses the passphrase as a key, making it required every time. It comes with the warning of being somewhat new and less battle tested crypto.

Popular alternatives for just password protecting files are usually ccrypt (ccencrypt/ccdecrypt deletes original file!), using zip or7-zip's password protection, zulucrypt (a truecrypt successor), or using openssl's enc command (-aes-256-cbc should be a good cipher, maybe with some beefed up key derivation options).

[–][deleted] 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

get it

[–]Chipit 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

Free software. You get what you pay for.

[–]yabbit 1 insightful - 2 fun1 insightful - 1 fun2 insightful - 2 fun -  (0 children)

What kind of files are they hombre?

[–]Smarterthanlastweek2 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

They used to have that in free open source software called PGP: https://en.wikipedia.org/wiki/Pretty_Good_Privacy But then someone figured out you could make money with it and somehow turned it into pay software.

[–]iDontShift 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

just found out McAfee is owned by Intel. known spy-ware .. owned by intel.. wtf

https://en.wikipedia.org/wiki/McAfee

down a weird rabbit hole i went to find this.. pgp.. bought by Network Associates Inc (which owns McAfee) was bought by Intel

[–]asterias 1 insightful - 1 fun1 insightful - 0 fun2 insightful - 1 fun -  (0 children)

https://www.veracrypt.fr/en/Home.html