Symmetric file encryption from gui

Is there no option to encrypt a file using symmetric encryption when using the gui?

It can be done from commandprompt and other frontends like Cryptophane.

A file encrypted from the File | Sign/Encrypt menu in Kleopatra or the corresponding context menu in GPGeX is encrypted using the hybrid method, which is explained by this quote from the GnuPG manual at

"Hybrid ciphers

Public-key ciphers are no panacea. Many symmetric ciphers are stronger from a security standpoint, and public-key encryption and decryption are more expensive than the corresponding operations in symmetric systems. Public-key ciphers are nevertheless an effective tool for distributing symmetric cipher keys, and that is how they are used in hybrid cipher systems.

A hybrid cipher uses both a symmetric cipher and a public-key cipher. It works by using a public-key cipher to share a key for the symmetric cipher. The actual message being sent is then encrypted using the key and sent to the recipient. Since symmetric key sharing is secure [sic - should say “insecure”], the symmetric key used is different for each message sent. Hence it is sometimes called a session key.

Both PGP and GnuPG use hybrid ciphers. The session key, encrypted using the public-key cipher, and the message being sent, encrypted with the symmetric cipher, are automatically combined in one package. The recipient uses his private-key to decrypt the session key and the session key is then used to decrypt the message.

A hybrid cipher is no stronger than the public-key cipher or symmetric cipher it uses, whichever is weaker. In PGP and GnuPG, the public-key cipher is probably the weaker of the pair. Fortunately, however, if an attacker could decrypt a session key it would only be useful for reading the one message encrypted with that session key. The attacker would have to start over and decrypt another session key in order to read any other message."

The same procedure is used for encrypting a file as for encrypting a message. Encrypting a file is essentially “encrypting a message to yourself in the future”. On the GnuPG command line you can set the default symmetric cipher, which is generally IDEA or AES128 or AES256. The key used to encrypt the session key usually defaults to RSA-2048; this is the option offered when you create your certificate. All these are to all intents and purposes unbreakable. Using GPG on the command line, you can determine what the default algorithms are using the command: C:>gpg --version.

Just to be clear, the asymmetric/symmetric combination is used because asymmetric algorithms are dramatically slower than symmetric ones, which for encrypting large files makes a significant difference.


J M,

While your post is an excellent explanation of asymmetric ciphers, I don’t think it answers the OP’s question.

Using the command prompt, one can encrypt a file using only a symmetric cipher. This is convenient if you want to encrypt something without needing a key to decrypt it later, all you need is the password.

If I understand the OP correctly, he wants to know why this is not an option in the GUI. Unfortunately, I don’t have the answer to that.

Sean C.

Yes, Sean C understood me correct.

OK, my mistake, sorry. I thought you were looking for a way to do only symmetric encryption based on the PGP certificate system. For symmetric encryption with a passphrase, there is no particular virtue in using GPG. For single-file encryption, I would use AES Crypt ( This open-source freeware provides AES-256 encryption via the GUI - you just right-click on your file and select from the context menu, then provide a passphrase.

I tend to encrypt more than one file at once, so I use a Truecrypt volume and just move the files into it. With Truecrypt you can select the algorithm to use, although you might as well use AES-256 as any.