Read a good book on cryptography to assemble all these facts you have read in the web. Sometimes they can become myths if they're taken out of context.
Anyway, I'll try to answer some questions:
Quote:
1) Does GPG, as I use it, produce an encrypted file that contains a sort of header?
|
Yes, GPG does use a header for internal use and it's no big deal unless you want some obscurity that in the end won't add any bit to security... It uses a well known header recognized by the file(1) command.
An entirely different thing is the fact that plaintext sometimes contain known pieces (ie, TCP/IP, archive, image and e-mail headers, C++ source, etc). This could be used to retrieve information about the key and more plaintext bits. This is what is called as "known plaintext attack". Good encryption software minimizes this risk by compressing the plaintext and eliminating redundancy.
Quote:
3) Is encryption of encrypted strings a worthwhile procedure?
|
It depends on the context. I use to manage (encrypt/decrypt) my passwords file in an encrypted loop partition to avoid it reaching the disk.
Asymmetric encryption is useful when encrypting data destined to another recipient. Asymmetric algorithms are best used to encrypt a random (session) key that really encrypts the data. It is because asymmetric algorithms are slower because of the mathematical models they use.