[issue10] SMIME RC2 (128bit) encryption error

Werner Koch wk at gnupg.org
Mon Dec 15 10:02:41 CET 2003

On Sat, 13 Dec 2003 12:15:34 +0000, =?utf-8?q?Ingo Kl=C3=B6cker?= said:

> It seems that kmail smime plugin can not handle encrypted email  
> if the encryption method used was RC2 (128bit).  

That is correct.  We don't support RC2 because its major usage was for
a 40 bit key which is too ridiculous to get implemented.  Granted,
there are stronger variants but I see no forcing reason to implement
it.  Although that rfc 2268 does now describe the RC2 algorithms, we
can't be sure that it is not patent encumbered or problematic in other

The statement given in rfc2268:

   RC2 is a registered trademark of RSA Data Security, Inc. RSA's
   copyrighted RC2 software is available under license from RSA Data
   Security, Inc.

does not make real clear that it can be freely used.  For the message
digests MD4 and 5, RSA Inc. has published a clarification that these
algorithms may be freely used.  I was not able to found such a
statement for RC2, though.

Even without possible legal problems out of the way, I can't see a
sound reason to support ancient algorithms in a modern
implementation.  It is a pity that CMS does not specify a list of
MUST, SHOULD and MAY algorithms but leaves this selection to the
discretion of the implementor.  Thus, we don't support RC2 but favor
the use of 3DES-EDE and AES which are widely supported.


Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org

More information about the Gpa-dev mailing list