CryptSync and GnuPG - customization options and inability to use
Recently I read an interesting article about cryptographic protection of data stored in cloud services: "Overview of options for encrypting data in the clouds for Windows . "
The program CryptSync seemed very interesting - simple and self-sufficient. The program synchronizes 2 directories, while encrypting files using 7-zip or GnuPG. The only supported platform is Windows.
The disadvantage mentioned by the author of the article above is the storage of 2 copies of files - it does not seem to me to be very significant, and with the “Mirror original folder to encrypted folder” option enabled, you can safely erase original files in the source folder after synchronization and store only encrypted copies. , and when you need to turn off this option, respectively, the decrypted files will appear again in the source folder.
')
For quite some time now, I have not wanted to use AES, a crypto algorithm officially certified and standardized by the US NSA in any implementation, because there are ciphers that I (and not only) prefer to it, and they are represented in GnuPG.
Therefore, having learned that the program supports synchronization using GnuPG, I was pleasantly surprised. In 7-zip, only AES-256 is used for encryption, while GnuPG has a rich choice.
Having installed CryptSync and assessed the work, I immediately updated GnuPG to version 1.4.18 from the official site (with CryptSync, an old version is provided). Installed, placed files gpg.exe and iconv.dll in the installation directory CryptSync. The installation of GnuPG itself can be simply uninstalled. Now you can see: what to choose from, and how to choose our choice? In the CryptSync directory, launch CMD - gpg.exe --version and see the following listing:
Symmetric ciphers: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256,
TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 - choose from what.
In the same listing, there is an indication of the GnuPG home directory - Home: - we will need this too.
The HOME directory is the usual C: / Users / 'UserName' / AppData / Roaming / gnupg, but you can change the register value HKCU \ Software \ GNU \ GnuPG: HomeDir to any convenient, there GnuPG stores tinctures, keys that it needs for work.
In the home directory, create a text file - gpg.conf in it we specify the personal-cipher-preferences 'cipher name' as it is listed in the listing above, i.e. personal-cipher-preferences CAMELLIA256, for example. By the way, the default cipher is CAST5. The same result is given by cipher-algo 'cipher name'. Disabled compression - compress-level 0 - each option is in a separate line (disables compression for ZLIB which is used by default). I personally do not need compression. It can be noted here that in the gpg.conf file you can configure almost everything that a specific user needs, given that we use symmetric encryption.
And here comes the rake, which the author of CryptSync, apparently, is particularly proud of and even mentioned it in the program description:
That is, you can optionally use GnuPG, but the files are larger in size than the originals.
Let's see, and why more and how much. More by ~ 30%! Why is this happening - the default output format for GnuPG is binary and there is no big difference in the size of the source and encrypted file. The author of CryptSync calls GnuPG with the --armor (ASCII armor) option - just like the name, which turns the output file into ASCII text. This option in GnuPG is used to send plain text (e-mail), asymmetric encryption public keys, for example. PGP is simply a text messaging system originally protected. But it is impossible to override it using gpg.conf or something else. Personally, I was looking for a long time how to do it, but I did not find it. But to enable this option (if it were not) - it would be possible, using gpg.conf - we specify the actual --armor.
You can simply check - cmd - gpg - with your file in comparison with gpg - with - warm or your file.
What we have in the end for the gpg format in CryptSyns is 30% extra size. And the option that can not be disabled This can be corrected by compressing the file with the archiver - this is pure text and these 30% will be compressed. But if the source file is an archive, and you specifically turned off compression, then why is this necessary?
In conclusion, I want to say that I tried to contact the author of CryptSyns via the provided email, but I did not receive any reply.
Also wrote a review on SourceForge with the same result. Maybe in future releases the situation will change or somebody will tell you how to disable this option. In principle, a very decent and free crypto-sync program and the use of GnuPG help to expand its capabilities, if you bring this matter to mind.
A small video, clearly showing the essence of the phenomenon.
PS Switching ciphers to GnuPG is also necessarily done by AES users, as is the standard symmetric cipher for GnuPG - CAST5. NASA recommends. They also do not recommend the use of --armour (in the original).
When writing materials were used from official sites:
GnuPG - www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html#GPG-Options
CryptSync - stefanstools.sourceforge.net/CryptSync.html
NASA - www.nas.nasa.gov/hecc/support/kb/Using-GPG-to-Encrypt-Your-Data_242.html
The program CryptSync seemed very interesting - simple and self-sufficient. The program synchronizes 2 directories, while encrypting files using 7-zip or GnuPG. The only supported platform is Windows.
The disadvantage mentioned by the author of the article above is the storage of 2 copies of files - it does not seem to me to be very significant, and with the “Mirror original folder to encrypted folder” option enabled, you can safely erase original files in the source folder after synchronization and store only encrypted copies. , and when you need to turn off this option, respectively, the decrypted files will appear again in the source folder.
')
For quite some time now, I have not wanted to use AES, a crypto algorithm officially certified and standardized by the US NSA in any implementation, because there are ciphers that I (and not only) prefer to it, and they are represented in GnuPG.
Therefore, having learned that the program supports synchronization using GnuPG, I was pleasantly surprised. In 7-zip, only AES-256 is used for encryption, while GnuPG has a rich choice.
Having installed CryptSync and assessed the work, I immediately updated GnuPG to version 1.4.18 from the official site (with CryptSync, an old version is provided). Installed, placed files gpg.exe and iconv.dll in the installation directory CryptSync. The installation of GnuPG itself can be simply uninstalled. Now you can see: what to choose from, and how to choose our choice? In the CryptSync directory, launch CMD - gpg.exe --version and see the following listing:
Symmetric ciphers: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256,
TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256 - choose from what.
In the same listing, there is an indication of the GnuPG home directory - Home: - we will need this too.
The HOME directory is the usual C: / Users / 'UserName' / AppData / Roaming / gnupg, but you can change the register value HKCU \ Software \ GNU \ GnuPG: HomeDir to any convenient, there GnuPG stores tinctures, keys that it needs for work.
In the home directory, create a text file - gpg.conf in it we specify the personal-cipher-preferences 'cipher name' as it is listed in the listing above, i.e. personal-cipher-preferences CAMELLIA256, for example. By the way, the default cipher is CAST5. The same result is given by cipher-algo 'cipher name'. Disabled compression - compress-level 0 - each option is in a separate line (disables compression for ZLIB which is used by default). I personally do not need compression. It can be noted here that in the gpg.conf file you can configure almost everything that a specific user needs, given that we use symmetric encryption.
And here comes the rake, which the author of CryptSync, apparently, is particularly proud of and even mentioned it in the program description:
Optionally the encryption can be done using GnuPG. It can be used for more than a cloud drive.
That is, you can optionally use GnuPG, but the files are larger in size than the originals.
Let's see, and why more and how much. More by ~ 30%! Why is this happening - the default output format for GnuPG is binary and there is no big difference in the size of the source and encrypted file. The author of CryptSync calls GnuPG with the --armor (ASCII armor) option - just like the name, which turns the output file into ASCII text. This option in GnuPG is used to send plain text (e-mail), asymmetric encryption public keys, for example. PGP is simply a text messaging system originally protected. But it is impossible to override it using gpg.conf or something else. Personally, I was looking for a long time how to do it, but I did not find it. But to enable this option (if it were not) - it would be possible, using gpg.conf - we specify the actual --armor.
You can simply check - cmd - gpg - with your file in comparison with gpg - with - warm or your file.
What we have in the end for the gpg format in CryptSyns is 30% extra size. And the option that can not be disabled This can be corrected by compressing the file with the archiver - this is pure text and these 30% will be compressed. But if the source file is an archive, and you specifically turned off compression, then why is this necessary?
In conclusion, I want to say that I tried to contact the author of CryptSyns via the provided email, but I did not receive any reply.
Also wrote a review on SourceForge with the same result. Maybe in future releases the situation will change or somebody will tell you how to disable this option. In principle, a very decent and free crypto-sync program and the use of GnuPG help to expand its capabilities, if you bring this matter to mind.
A small video, clearly showing the essence of the phenomenon.
PS Switching ciphers to GnuPG is also necessarily done by AES users, as is the standard symmetric cipher for GnuPG - CAST5. NASA recommends. They also do not recommend the use of --armour (in the original).
When writing materials were used from official sites:
GnuPG - www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html#GPG-Options
CryptSync - stefanstools.sourceforge.net/CryptSync.html
NASA - www.nas.nasa.gov/hecc/support/kb/Using-GPG-to-Encrypt-Your-Data_242.html
Source: https://habr.com/ru/post/244023/
All Articles