A few more GnuPG / NAI questions

Werner Koch wk@gnupg.org
Fri, 7 Jan 2000 17:44:52 +0100

[I removed the crosspost to -devel]

On Fri, 7 Jan 2000, Simpson, Sam wrote:

> a) Will GnuPG support "as standard" RSA (with or without IDEA) from Sept
> 2000?
Sure. However I still think that DSA keys are better. No IDEA of course - ask again in 2007(?)
> b) I think a strong argument can be made for allowing a user to "get at"
> (e.g. print on the screen) the decrypted session key in case of a court
> order rather than having to give up the asymmetric key. A corresponding
> feature could then be added to decrypt a message with a given session key.
> Are there any problems with this approach and if not why hasn't it been
> implemented? I've seen the November discussion on the development list RE
> this and Werner seems to not like this approach - but I can't think why.
> Surely it is empowering users? I appreciate that I could implement this
> myself trivially, but IMHO this is such a potentially useful feature that it
> should be a part of the standard distribution.
I still don't like to support govermental spying. It has never been proven that decrypting a message has influenced a court decision. Traffic analysis is much more powerful in most cases. But, I won't debate over this theme. You know that we received some governmental funding; and there has never been a discussion about such a requirement! If you need this, someone will probably be able to implement it for you and Shashdot will get a long thread ...
> c) Are there any downsides to using ElGamal encrypt + sign keys (apart
> from the lack of interoperability w/PGP users and the size of signatures...)
Not that I am aware of except that the computation takes loner.
> d) Can I create an RSA key with GnuPG????? I've got the IDEA/RSA modules
> compiled and installed but can't find a way of creating an RSA key?
If you get back to a very early CVS revision or look at those g10-0.0.?.tar.gz files, you might find some code. I have removed this intentionally.
> e) Question on key prefs(gpg --edit-key x| pref)....NAI/PGP created keys
> report "S2 S3 S1" whilst GnuPG keys (of either type) report "S10 S3 H3 H2 Z2
> Z1". I guess Sx refers to symmetric cipher whilst Hx is Hash and Zx is
This means: Get the cipher algorithm by doing an intersection of your software algorithm list with Twofish, CAST5, 3DES and use the first match. Same for hash algorithms and compression algorithm
> compression....My questions on this are: Is the first item in the list the
> "prefered" option? Why isn't S3+S4 included in the GnuPG list? Why does
You mean S3, S1? S1 is IDEA and not supported by GnuPG so it does not make sense to create keys which advertise that IDEA may be used. New GnuPG keys have Blowfish again in their list, as it has turned out that it will take some more time to resolve some problems with OpenPGP extensions.
> NAI/PGP list only symmetric ciphers whereas GnuPG offers a more complete
> list?
GnuPG is better ;-). There are some defaults defined, so that there is not real need for this in PGP. And PGP is not OpenPGP compliant.
> I think GnuPG is the sexiest thing since sliced bread. TIA,
Oh, I still take a knife to cut the bread :-) -- Werner Koch at guug.de www.gnupg.org keyid 621CC013 Boycott Amazon! - http://www.gnu.org/philosophy/amazon.html