Encrypted session key support

Timo Schulz twoaday at freakmail.de
Thu Jun 6 20:53:01 CEST 2002


Recently I added encrypted session key support for the
"Symmetric-Key Encrypted Session-Key Packets (Tag 3)" in GPG (CVS).

[from RFC2440 5.3.]

     - Optionally, the encrypted session key itself, which is decrypted
       with the string-to-key object.

We need this step to support the combination of --symmetric and
--encryption. In other words, that ciphertext can be deciphered either
by a passphrase or a session key. It'll take a while until this feature
is fully available.

Now my question is how to activate this option. By default we only
use the S2K output as a session key for --symmetric. My first idea
was to use an option like "--advanced". But I'm not even sure if PGP
supports this mode for symmetric encryption. Maybe we should activate
it by default when --expert is used, but this would only be useful when
PGP also supports it.

Any hints are welcome,
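
The packet layout under discussion, as an added example that is not part of the original post or of GnuPG's code: a Python parser for the Tag 3 packet body that uses the octets left over after the S2K specifier to tell whether the optional encrypted session key is present (RFC 2440 5.3). The function name and the sample bytes are constructed for illustration.

```python
# S2K specifier sizes in octets, including the type octet (RFC 2440 3.6.1).
S2K_SIZES = {0: 2, 1: 10, 3: 11}  # simple, salted, iterated+salted


def parse_skesk(body: bytes) -> dict:
    """Parse the body of a Symmetric-Key Encrypted Session-Key packet (Tag 3)."""
    if len(body) < 4:
        raise ValueError("SKESK body too short")
    version, cipher_algo, s2k_type = body[0], body[1], body[2]
    if version != 4:
        raise ValueError(f"unsupported SKESK version {version}")
    if s2k_type not in S2K_SIZES:
        raise ValueError(f"unknown S2K type {s2k_type}")
    s2k_end = 2 + S2K_SIZES[s2k_type]
    if len(body) < s2k_end:
        raise ValueError("truncated S2K specifier")
    s2k = {"type": s2k_type, "hash_algo": body[3]}
    if s2k_type in (1, 3):
        s2k["salt"] = body[4:12]
    if s2k_type == 3:
        c = body[12]
        # Coded count octet expands to the number of octets hashed.
        s2k["count"] = (16 + (c & 15)) << ((c >> 4) + 6)
    # Anything after the S2K specifier is the optional encrypted session key:
    # one algorithm octet plus the key, encrypted under the S2K output.
    esk = body[s2k_end:]
    return {
        "cipher_algo": cipher_algo,
        "s2k": s2k,
        "encrypted_session_key": esk or None,
        # Without an ESK the S2K output is used directly as the session key.
        "session_key_source": "decrypted ESK" if esk else "S2K output",
    }


# Constructed sample bodies (not real GnuPG output): CAST5 (3), SHA-1 (2).
SALT = bytes(range(8))
PLAIN_SYMMETRIC = bytes([4, 3, 3, 2]) + SALT + bytes([0x60])
WITH_ESK = PLAIN_SYMMETRIC + bytes(17)  # placeholder: 1 algo octet + 16-byte key

if __name__ == "__main__":
    for name, body in (("no ESK", PLAIN_SYMMETRIC), ("with ESK", WITH_ESK)):
        print(name, parse_skesk(body))
```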

