Can't decrypt file with .md5 file extension

dee3 · August 11, 2010, 2:34pm

Hi All,

I have successfully decrypted a file with a .gpg extension (e.g. myfile.tar.gpg) using OpenPGP. Now, I have another test file and this time the file extension is .md5 (e.g. myfile.tar.gpg.md5.) How can I decrypt this kind of file? I have read that MD5 is a hash-algorithm but still I wasn't able to understand it fully. Appreciate any help. Thanks!

Dee

Bala_Kilaparti · August 11, 2010, 10:28pm

hi Dee,

what i learned when i was working on pgp server was that the file’s last extension should be .gpg. i may wrong.
did you tried the same file with this extension myfile.tar.md5.gpg

reamon · August 11, 2010, 11:51pm

From what you’re describing it sounds like you’re receiving 2 files–one with the payload and one with an MD5 hash for verifying the payload.

The MD5 file is a message digest used to confirm the integrity of the other file. The approach is that on receipt of the payload file, the MD5 hash is calculated and then compared with the MD5 hash in companion file. There are various apps available to assist with this.

Be aware that MD5 has been proven to be weak. Search the web for MD5 and you’ll find plenty of material on that.

Also, with the use of an OpenPGP implementation, such as gnuPG and other encryption tools, a companion MD5 file is unnecessary. PGP provides built-in mechanisms to confirm the integrity of the encrypted file. See if you can leverage that instead.

[Edit] If this does not describe your scenario please additional detail about the MD5 file and its intended use.

DevNull43 · August 13, 2010, 5:14am

When transferring files over network, they sometimes get corrupted due different factors.
In order to check file integrity, a MD5 file is created. This file.name.md5 is a TXT file containing the md5sum which should be equal if you calculate the MD5sum for the file you downloaded.

You can find many examples for this when downloading ISO files for most of Linux distros.

As reamon points out this is weak, so is only used for validating file integrity. For others scenarios use PGP.

To ressume, that md5 txt file is to verify file integrity ONLY.

reamon · August 16, 2010, 11:52pm

To reiterate, use of MD5 along with a PGP file is redundant. PGP can verify file integrity. Using MD5 is unnecessary.