CryptSync and GnuPG - customization options and inability to use

Recently I read an interesting article on cryptographic protection of data stored in cloud services: “Overview of data encryption options in the clouds for Windows”.

The CryptSync program seemed very interesting - simple and self-sufficient. The program synchronizes 2 directories, while encrypting files using 7-zip or GnuPG. The only supported platform is Windows.

The drawback mentioned by the author of that article, storing 2 copies of the files, doesn’t seem very significant to me. Besides, with the "Mirror original folder to encrypted folder" option turned on, you can safely erase the original files in the source folder after synchronization and store only the encrypted copies; when you need them, turn this option off and the decrypted files will appear in the source folder again.

For some time now I have been sick of using AES, a crypto algorithm officially certified and standardized by the NSA, in any implementation, because there are ciphers that I (and not only I) prefer to it, and they are available in GnuPG.

Therefore, having learned that the program supports synchronization using GnuPG, I was pleasantly surprised. In 7-zip, only AES-256 is used for encryption, while in GnuPG the choice is quite rich.

After installing CryptSync and trying it out, I immediately updated GnuPG to version 1.4.18 from the official site (CryptSync ships with an old version). I installed it and placed the files gpg.exe and iconv.dll in the CryptSync installation directory; the GnuPG installation itself can then simply be uninstalled. Now we can see what there actually is to choose from and how to specify our choice. In the CryptSync directory, open CMD, run gpg.exe --version and look at the following part of the listing:

Symmetric ciphers: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256,
TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256

There are plenty to choose from.

The same listing also shows the GnuPG home directory (the Home: line); we will need this too.

The home directory is usually C:/Users/'UserName'/AppData/Roaming/gnupg, but you can change it to any convenient location by setting the HomeDir value under HKCU\Software\GNU\GnuPG in the registry. GnuPG stores its settings there, along with the keys it needs for its work.
In the home directory we create a text file, gpg.conf, and in it we specify personal-cipher-preferences 'cipher name', with the name written as in the listing above, for example personal-cipher-preferences CAMELLIA256. By the way, the default cipher is CAST5. cipher-algo 'cipher name' gives the same result. To disable compression, add compress-level 0 (this disables compression for ZLIB, which is used by default). Each option goes on a separate line. Personally, I do not need compression. Note that in gpg.conf you can configure almost everything a specific user needs, given that we use symmetric encryption.

And here a pitfall appears, one that the author of CryptSync is apparently especially proud of, since it is even mentioned in the description of the program:
Optionally the encryption can be done using GnuPG. Please note that when using this option, the encrypted files can be larger than the original files and use up more space on your cloud drive.


That is, you can optionally use GnuPG, but the files are larger than the originals.

Let's see why they are larger and by how much: ~30% more! Here is why. The default output format of GnuPG is binary, and with it there is no big difference in size between the source file and the encrypted file. The author of CryptSync, however, calls GnuPG with the --armor option (ASCII armor), which, as the name suggests, turns the output file into ASCII text. In GnuPG this option is used for sending things as plain text via e-mail, public keys for asymmetric encryption, for example; PGP is, at its core, a system for secure text messaging. But overriding this option through gpg.conf or by any other means is impossible. Personally, I looked for a way to do this for a long time, but did not find one. Enabling the option (if it were not already set), on the other hand, would be possible through gpg.conf, by specifying the armor option there.

You can check this simply: in cmd, compare the output of gpg -c your.file with that of gpg -c --armor your.file.

The result for the gpg format in CryptSync is a 30% size overhead and an option that cannot be disabled. This can be fixed by compressing the file with an archiver: it is pure text, so those 30% will be compressed away. But if the source file is already an archive and you deliberately turned off compression, why would you need this?
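To see where the extra size comes from and how much an archiver wins back, the following added example (not part of the original article and not CryptSync or GnuPG code) builds ASCII armor the way RFC 4880 describes it, base64 in fixed-length lines plus a CRC-24 line, over random bytes standing in for ciphertext. The function names and the 64-character line length are assumptions of the example.

```python
import base64
import os
import zlib

CRC24_INIT = 0xB704CE   # constants from RFC 4880, section 6.1
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 checksum that closes every ASCII-armored block."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(binary: bytes, line_len: int = 64) -> bytes:
    """Wrap binary OpenPGP data in ASCII armor (RFC 4880, section 6.2)."""
    b64 = base64.b64encode(binary).decode("ascii")
    lines = [b64[i:i + line_len] for i in range(0, len(b64), line_len)]
    checksum = base64.b64encode(crc24(binary).to_bytes(3, "big")).decode("ascii")
    return "\n".join(
        ["-----BEGIN PGP MESSAGE-----", ""] + lines
        + ["=" + checksum, "-----END PGP MESSAGE-----", ""]
    ).encode("ascii")


def overhead_report(size: int) -> dict:
    """Size growth caused by armoring, and what zlib recovers from the text."""
    binary = os.urandom(size)  # constructed stand-in for binary gpg output
    armored = armor(binary)
    return {
        "binary": len(binary),
        "armored": len(armored),
        "growth": len(armored) / len(binary) - 1,
        "recompressed": len(zlib.compress(armored, 9)),
    }


if __name__ == "__main__":
    r = overhead_report(300_000)
    print(f"binary={r['binary']} armored={r['armored']} "
          f"growth={r['growth']:.1%} recompressed={r['recompressed']}")
```

Base64 alone adds one third, and the line breaks and header lines add the rest, so the growth comes out near 35%; compressing the armored text brings it back to within a few percent of the binary size.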

In conclusion, I want to say that I tried to contact the author of CryptSync at the email address provided, but did not receive any answer.

I also wrote a review on SourceForge, with the same result. Maybe the situation will change in future releases, or someone will suggest how to disable this option. In principle, it is a very worthy, free crypto-synchronization program, and the use of GnuPG helps expand its capabilities, if this matter is brought to completion.

A small video that clearly shows the essence of the phenomenon.

P.S. AES users also need to switch the cipher in GnuPG, since the standard symmetric cipher for GnuPG is CAST5. NASA recommends this. They also do not recommend using --armour (as spelled in the original).

When writing, materials from official websites were used:
GnuPG - www.gnupg.org/documentation/manuals/gnupg/GPG-Options.html#GPG-Options
CryptSync - stefanstools.sourceforge.net/CryptSync.html
NASA - www.nas.nasa.gov/hecc/support/kb/Using-GPG-to-Encrypt-Your-Data_242.html
