A few more GnuPG / NAI questions
Simpson, Sam
s.simpson@mia.co.uk
Fri, 7 Jan 2000 17:04:35 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Werner Koch [mailto:wk@gnupg.org]
> Sent: 07 January 2000 16:47
> To: s.simpson@mia.co.uk
> Subject: Re: A few more GnuPG / NAI questions
>
>
> [I removed the crosspost to -devel]
>
> On Fri, 7 Jan 2000, Simpson, Sam wrote:
>
> > a) Will GnuPG support "as standard" RSA (with or without IDEA)
> > from Sept 2000?
>
> Sure. However I still think that DSA keys are better.
FWIW, I agree totally - but there are still many "die hard" RSA
users that refuse to change (DUH!).
<SNIP RE: getting the decrypted session key>
> If you need this, someone will probably be able to implement it for
> you and Slashdot will get a long thread ...
Yes, I see your point. Someone will see that you can get at the
decrypted session key and (out of ignorance...) shout about how
this is insecure :(
> > e) Question on key prefs(gpg --edit-key x| pref)....NAI/PGP
> > created keys report "S2 S3 S1" whilst GnuPG keys (of either type)
> > report "S10 S3 H3 H2 Z2 Z1". I guess Sx refers to symmetric cipher
> > whilst Hx is Hash and Zx is
>
> This means: Get the cipher algorithm by doing an intersection of
> your software algorithm list with Twofish, CAST5, 3DES
3DES is implicitly tagged onto the end...
> and use the first
> match. Same for hash algorithms and compression algorithm
This makes Twofish the default algorithm if two GnuPG
implementations (e.g. S10 first in the key options!) are used?
> > compression....My questions on this are: Is the first item in the
> > list the "preferred" option? Why isn't S3+S4 included in the GnuPG
> > list? Why does
>
> You mean S3, S1? S1 is IDEA and not supported by GnuPG so it does
> not make sense to create keys which advertise that IDEA may be used.
(I'm probably confused on this option but...) I meant S3 + S4 -
S3 is CAST & S4 is Blowfish - these two are supported by GnuPG
and I'd expect them to be in this list.
> New GnuPG keys have Blowfish again in their list, as it has turned
> out that it will take some more time to resolve some problems with
> OpenPGP extensions.
Not a key I've just created (w/v1.0.0).
> > NAI/PGP list only symmetric ciphers whereas GnuPG offers a more
> > complete list?
>
> GnuPG is better ;-). There are some defaults defined, so that there
> is no real need for this in PGP.
I see.
> And PGP is not OpenPGP compliant.
Yes, so it would appear ;)
Regards,
Sam Simpson
Communications Analyst
- -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive
encryption & Delphi Crypto Components. PGP Keys available at the
same site.
-----BEGIN PGP SIGNATURE-----
Version: 6.0.2ckt http://members.tripod.com/IRFaiad/
iQA/AwUBOHYdi+0ty8FDP9tPEQL+swCgnPj8HiYorZagn3DTz5t0xfTesfAAn2PK
br/1Lf5kJAB80guc2/kzLhYl
=CI4W
-----END PGP SIGNATURE-----
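
The selection rule discussed in this message (intersect the software's algorithm list with the key's preference list, take the first match, with 3DES implicitly at the end of the cipher list), as an added example that is not part of the original message and is not GnuPG's code. The supported-algorithm sets are constructed, and handling several recipients by walking the first recipient's list is an assumption that goes beyond the single-key case in the thread.

```python
import re

# Preference codes as printed by "pref". The S1/S3/S4/S10 names come from the
# thread; the remaining names are the standard OpenPGP algorithm IDs.
NAMES = {"S1": "IDEA", "S2": "3DES", "S3": "CAST5", "S4": "Blowfish",
         "S10": "Twofish", "H1": "MD5", "H2": "SHA1", "H3": "RIPEMD160",
         "Z1": "ZIP", "Z2": "ZLIB"}
IMPLICIT = {"S": "S2"}  # 3DES is implicitly tagged onto the end

# Preference strings as quoted in the thread.
GNUPG_KEY = "S10 S3 H3 H2 Z2 Z1"
PGP_KEY = "S2 S3 S1"
# Constructed software capability sets (assumptions, not real build data).
GNUPG_SW = {"S2", "S3", "S4", "S10", "H1", "H2", "H3", "Z1", "Z2"}
PGP_SW = {"S1", "S2", "S3", "H1", "H2", "Z1"}


def parse_prefs(line):
    """Split a pref line into ordered per-kind lists (S, H, Z)."""
    prefs = {"S": [], "H": [], "Z": []}
    for token in line.split():
        if not re.fullmatch(r"[SHZ]\d+", token):
            raise ValueError(f"unrecognised preference token: {token!r}")
        if token not in prefs[token[0]]:
            prefs[token[0]].append(token)
    for kind, fallback in IMPLICIT.items():
        if fallback not in prefs[kind]:
            prefs[kind].append(fallback)  # implicit last choice
    return prefs


def select(kind, supported, recipient_prefs):
    """First entry in the first recipient's list that the local software
    supports and that every other recipient also lists; None if no match."""
    parsed = [parse_prefs(p)[kind] for p in recipient_prefs]
    for algo in parsed[0]:
        if algo in supported and all(algo in other for other in parsed[1:]):
            return algo
    return None


if __name__ == "__main__":
    for sw, keys in ((GNUPG_SW, [GNUPG_KEY]), (PGP_SW, [GNUPG_KEY]),
                     (GNUPG_SW, [GNUPG_KEY, PGP_KEY])):
        print(keys, "->", NAMES.get(select("S", sw, keys)))
```

With these inputs, a sender that supports Twofish picks it for a GnuPG key, while a sender without Twofish falls through to CAST5.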