David Shaw dshaw at
Sun Jun 17 00:02:52 CEST 2007

Some people have noticed that I recently committed support for the
Camellia cipher in GnuPG.  Here's the story behind that.

Camellia is not currently part of OpenPGP, and will also not be part
of the upcoming "2440bis" updating of RFC-2440.  It has been proposed,
however, that right after 2440bis is published, the OpenPGP Working
Group take the necessary steps to add Camellia.  To simplify
interoperability testing between different OpenPGP implementations,
I've added Camellia to GnuPG.  Naturally, it is disabled by default
and the only people who should really enable it are those doing
interoperability work.

While it is impossible for me to stop people from enabling and using
it, be warned of a few things: first, Camellia isn't part of OpenPGP
yet, and if for whatever reason it doesn't become part of OpenPGP, you
won't be able to decrypt anything you've encrypted with Camellia.
Similarly, as Camellia has not been assigned an OpenPGP cipher number,
I've picked 11 (the next unassigned number).  If Camellia gets
approved with a different number, you won't be able to decrypt
anything you've encrypted with this version of Camellia.  Finally, if
there is some error in the current GnuPG usage of Camellia that we
later fix, you again won't be able to decrypt.

I'm not going to go into whether Camellia is considered strong or not,
as it's not really relevant to this discussion: even if Camellia was
the strongest cipher in the world, you should still not enable it for
the reasons given above.

Rest assured that if/when Camellia is approved (or even on a
reasonable track to approval), it will be enabled for general use.


More information about the Gnupg-devel mailing list