Symmetric encryption

David Shaw dshaw at
Sun Jul 28 19:08:01 CEST 2002

On Sun, Jul 28, 2002 at 12:01:18PM -0400, Gordon Worley wrote:
> On Sunday, July 28, 2002, at 11:16  AM, David Shaw wrote:
> >On Sun, Jul 28, 2002 at 11:02:56AM -0400, Gordon Worley wrote:
> >>When I symmetrically encrypt a file, I have a few questions about what
> >>is generated:
> >>
> >>- Where is the key stored?
> >>- Is the passphrase used to protect a key?  Is the passphrase the key?
> >
> >It depends on what sort of symmetric encryption settings you use.  By
> >default, GnuPG does the same sort of thing it does with public key
> >encryption - random session key, encrypt the data with the session
> >key, then encrypt the session key.  The difference with --symmetric is
> >that it then encrypts the session key with your passphrase, rather
> >than with a public key.  When --rfc1991 is specified, GnuPG just
> >encrypts the data itself with your passphrase.  There are a few
> >possible ways to turn a passphrase into a key - see the "String-to-key
> >(S2K) specifiers" section in RFC 2440.
> >
> >>- How is the output formatted?  Can a program other than GnuPG decrypt
> >>it?
> >
> >The format is fairly simple, and a program other than GnuPG or PGP can
> >certainly decrypt it.  The exact details are in RFC 2440.
> Thanks.  One more question:  how do I know what cipher was used?  I see 
> that I can set this using --cipher-algo and --s2k-cipher-algo (the 
> former of course being the better way to do this), but when I 
> symmetrically encrypt a file I'm not told anything until decryption, 
> when it does show the algorithm that was used.  Is there any way to find 
> this out before or during encryption?

I'm not exactly sure what you are asking.  As you say, you can use
--cipher-algo to set the cipher to use.  If you don't specify
something, it uses whatever the s2k-cipher-algo is.  The s2k cipher
algo defaults to CAST5.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list
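
The thread notes that the format is documented in RFC 2440 and readable by programs other than GnuPG; the following added example (not part of the original post and not GnuPG code) reads the cipher and S2K settings from the leading packet of a binary, non-armored message without needing the passphrase. The function names and the sample bytes are constructed for illustration.

```python
# Added example (not GnuPG code): inspect a binary OpenPGP message per RFC 2440.
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160"}
S2K = {0: ("simple", 4), 1: ("salted", 12), 3: ("iterated+salted", 13)}

# Constructed sample: old-format tag-3 packet, CAST5, iterated+salted SHA1.
SAMPLE = bytes.fromhex("8c0d04030302" "0102030405060708" "60")


def read_header(buf, pos=0):
    """Return (tag, body_start, body_len) for the packet at pos."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not a binary OpenPGP packet")
    if ctb & 0x40:                                  # new-format header
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body length not handled")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03      # old-format header
    if ltype == 3:                                  # indeterminate: to EOF
        return tag, pos + 1, len(buf) - pos - 1
    n = 1 << ltype
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")


def describe_symmetric(buf):
    """Report how the key is derived, without needing the passphrase."""
    tag, start, length = read_header(buf)
    if tag == 9:    # encrypted data with no tag-3 packet before it (5.7)
        return {"mode": "rfc1991", "cipher": "IDEA", "s2k": "MD5 of passphrase"}
    body = buf[start:start + length]
    if tag != 3 or len(body) < 4 or body[0] != 4 or body[2] not in S2K:
        raise ValueError("no usable symmetric-key ESK packet at start")
    name, size = S2K[body[2]]
    if len(body) < size:
        raise ValueError("truncated S2K specifier")
    info = {"mode": "openpgp", "cipher": CIPHERS.get(body[1], f"id {body[1]}"),
            "s2k": name, "hash": HASHES.get(body[3], f"id {body[3]}"),
            "session_key_in_packet": len(body) > size}
    if size >= 12:
        info["salt"] = body[4:12].hex()
    if size == 13:                                  # count coding, 3.6.1.3
        info["count"] = (16 + (body[12] & 15)) << ((body[12] >> 4) + 6)
    return info
```

When `session_key_in_packet` is false, the S2K output is itself the key for the data packet; when it is true, the tag-3 packet carries a session key encrypted under the S2K output.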