gpgsm: Cipher default: 3DES, because of OL2003 and Outlook2007

Bernhard Reiter bernhard at
Wed Jul 8 15:57:42 CEST 2009

Am Freitag, 6. Februar 2009 18:20:51 schrieb Bernhard Reiter:
> It seems that Outlook 2003 cannot deal with AES encrypted
> S/MIME emails and even spits out some error message which is unhelpful.
> At least in German is says something about an ID not found.

The German message, btw, is:
  Dieses Element kann nicht geöffnet werden. Der Name Ihrer digitalen ID 
konnte im zugrunde liegenden Sicherheitssystem nicht gefunden werden.

While they mean that the encryption algorithm is not supported by the crypto 

Note that some versions of Outlook 2007 (OL2007) also do _not_ support AES.
One that does _not_:
  MS Office Outlook 2007 (12.0.6504.5000) SP2 MSO (12.0.6425.1000)
  Windows XP Prof. 2002 SP3
One that _does_ AES:
  Outlook 2007 (12.0.6316.5000) SP1 MSO (12.0.6320.5000)
  Microsoft Windows Vista Business 6.0.6000 Build 6000

> So the default for gpgsm should be 3DES.
> (For 2.0.10 is was changed to AES, and this causes us to detect the
> interoperability problem.)

The default was changed for good to 3DES in the gnupg 2.0.11 release.

> Note, to find out the default encryption cipher, you could use the
> command: gpgconf --list-options gpgsm
> (or the internal version gpgsm --gpgconf-list )

Note that some versions of gnupg, 
e.g.  2.0.9-svn4835-0kk3 will show a wrong default via 
gpgconf --list-options . They show '"3DES', but use 'AES'.


Managing Director - Owner:       (Free Software Company)
Germany Coordinator: Coordinator:
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20090708/794fb3fb/attachment.pgp>

More information about the Gnupg-devel mailing list