GnuPG. File size limit?

encryption gnupg

6,640

Solution 1

Do I run into problems if I do that or is it perfectly safe to encrypt such large files?

The file size limit is Operating System dependent.

--max-output n
                 This option sets a limit on the number of bytes that will  be
                 generated  when  processing  a  file.  Since OpenPGP supports
                 various levels of compression, it is possible that the plain-
                 text  of a given message may be significantly larger than the
                 original OpenPGP message.  While GnuPG  works  properly  with
                 such  messages, there is often a desire to set a maximum file
                 size that will be generated before processing  is  forced  to
                 stop  by  the  OS  limits.   Defaults  to  0, which means "no
                 limit".

Source gpg

Solution 2

There's no limit, only a possible security issue.

The OpenPGP format according to RFC 4880 has no limits on file size (although a single packet is limited to ~4 GiB, the file will simply be stored as a series of partial packets).
Some 32-bit versions of various OpenPGP software might have a limit of 2 or 4 GiB per file. So if you encrypt a file, it's not guaranteed that old computers will be able to decrypt it.

Software compiled for 64-bit should have no problems. (I haven't tested 32-bit GnuPG, but I think it should be fine.)
Make sure to avoid old ciphers using 64-bit block sizes (such as IDEA or Blowfish) due to possible security problems similar to the Sweet32 attack.

Ciphers with larger block sizes, such as AES, have no practical limits, but they didn't become the default in GnuPG until very recently (I think 2.1.x) – and even then, if you're encrypting to someone else, their's old pubkey, it might have "preferences" stored that tell the software to use a specific old cipher.

6,640

Admin

Updated on September 18, 2022

Comments

Admin over 1 year

Is there a file size limit for encrypting a single file with GnuPG(1.0.xx,2.0.xx,2.1.xx)?
The file size ranges from about 2GiB to 100GiB. I'm not worried about the 2Gib but I'm not really sure if it's a good idea to encrypt a single 100GiB file. Do I run into problems if I do that or is it perfectly safe to encrypt such large files?
I checked the FAQ on https://gnupg.org/ and only found an article dealing with file size limits of the different ciphers but not if there is a limitation of the program itself. Here is the link to the specific part: https://gnupg.org/faq/gnupg-faq.html#recommended_ciphers

Kind regards
Attie over 5 years

As gpg can encrypt in pipeline there is no "file size" in such a situation, but rather length of stream. Are you saying that encrypting large byte-streams / files could produce weaker security due to repetitions (or something)? For example, a 1.4 TiB disk image I have could suffer from weakened security, simply due to it's size.