When comparing GPG encrypted text file vs Online encryption tools, the Slant community recommends GPG encrypted text file for most people. In the question “What are the best ways to send secure, encrypted messages?” GPG encrypted text file is ranked 6th while Online encryption tools is ranked 8th. The most important reason people chose GPG encrypted text file is:
Can be easily integrated with other command-line tools
For example, I can run GITHUB_TOKEN=$(gpg -d GITHUB_TOKEN.gpg) some_tool
Pros
Pro Can be easily integrated with other command-line tools
For example, I can run GITHUB_TOKEN=$(gpg -d GITHUB_TOKEN.gpg) some_tool
Pro Outstanding compatibility
GPG is standard on most operating systems, and is compatible with "too many to list". A GPG API is currently being developed for further integration.
Pro Free to use and modify
GPG does not use patented algorithms, so this service is free to use and modify without restrictions.
Pro Can be used with any system that understands text files
Text files are ubiquitous. They can be read across any modern platform and many obsolete ones.
Pro No dependencies
GnuPG does not depend on a reading program in order to be functional.
Pro Offers an installation package for Windows and OS X
"Gpg4win" is the installation package for Windows, and "GPGTools" is the package for Mac. The purpose of these packages is to equip users with everything needed in order to effectively keep information private.
Pro Uses symmetric key encryption to ensure that emails are secure
Symmetric key encryption not only protects emails from unauthorized access, but it ensures that the sender and receiver are legitimate.
Cons
Con Requires knowledge of the command line
GnuPG requires technical knowledge, but their FAQ is incredibly helpful for people who want to get started.
Con Shared passwords have many flaws compared to other approaches to encrypted messaging
Passwords invite crackability, since the user might not opt to generate them randomly. Password compromise means the compromise of every message encrypted with the same password, past and future. Symmetric encryption means you need a different password for each group. If there are more than two people passing shared messages together, the encryption scheme doesn’t add proof of a message’s origin, unlike other options.
Con Not open-source
(applies only to infoencrypt.com)
The JavaScript is minified and no original source is provided.
Con Weak use of encryption primitives
- Both services currently listed derive keys from passwords with 1,000 iterations of PBKDF2. The NIST-recommended minimum is 10,000.
- infoencrypt.com uses a fixed, public secret key for its HMAC, meaning the message can be tampered with undetectably without knowing the password:
The secret key is simply infoencrypt.com,AES,128b in binary representation ([0x69, 0x6e, 0x66, 0x6f, 0x65, 0x6e, 0x63, 0x72, 0x79, 0x70, 0x74, 0x2e, 0x63, 0x6f, 0x6d, 0x2c, 0x41, 0x45, 0x53, 0x2c, 0x31, 0x32, 0x38, 0x62])
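The integrity gap described above, as an added example (not code from either service or from this page): it compares a MAC keyed with the public string against one keyed from the password. HMAC-SHA256 over the ciphertext, PBKDF2-HMAC-SHA256, the key layout, the password, the salt and the ciphertext bytes are all assumptions or constructed values; the page specifies none of them.

```python
import hashlib
import hmac

# The fixed, public HMAC key quoted on the page.
PUBLIC_MAC_KEY = b"infoencrypt.com,AES,128b"


def derive_keys(password: str, salt: bytes, iterations: int) -> tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from a password (assumed layout)."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=64)
    return okm[:32], okm[32:]


def make_tag(mac_key: bytes, ciphertext: bytes) -> bytes:
    return hmac.new(mac_key, ciphertext, hashlib.sha256).digest()


def verify(mac_key: bytes, ciphertext: bytes, tag: bytes) -> bool:
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return hmac.compare_digest(make_tag(mac_key, ciphertext), tag)


def compare_designs() -> tuple[bool, bool, bool]:
    """Return (weak_accepts, hardened_accepts_old_tag, hardened_accepts_public_tag)."""
    ciphertext = bytes(range(32))          # constructed stand-in for AES output
    salt = b"constructed-salt"             # constructed
    # Hardened design: MAC key comes from the password, at the 10,000-iteration
    # minimum the page cites.
    _, secret_mac_key = derive_keys("constructed passphrase", salt, 10_000)
    original_tag = make_tag(secret_mac_key, ciphertext)

    # Someone without the password changes one bit in transit.
    modified = bytes([ciphertext[0] ^ 0x01]) + ciphertext[1:]

    # Weak design: the key is public, so a fresh tag for the modified bytes
    # can be computed by anyone and the receiver's check still passes.
    weak_accepts = verify(PUBLIC_MAC_KEY, modified, make_tag(PUBLIC_MAC_KEY, modified))

    # Hardened design: without the password neither the old tag nor a tag
    # made with the public string verifies.
    hardened_old = verify(secret_mac_key, modified, original_tag)
    hardened_public = verify(secret_mac_key, modified, make_tag(PUBLIC_MAC_KEY, modified))
    return weak_accepts, hardened_old, hardened_public


if __name__ == "__main__":
    print(compare_designs())
```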
Con In-browser encryption is hard to audit
With local open-source tools, you can read the source before running; with reproducible builds, you can also confirm that any precompiled packages are genuine. In a browser, it’s much harder to make sure that the source you’re looking at is what’s actually running, and that nothing else from the same origin is interfering with it. And your recipient has to do the same!