A few more GnuPG / NAI questions

Simpson, Sam s.simpson@mia.co.uk
Fri, 7 Jan 2000 17:04:35 +0000

Hash: SHA1

> -----Original Message-----
> From: Werner Koch [mailto:wk@gnupg.org]
> Sent: 07 January 2000 16:47
> To: s.simpson@mia.co.uk
> Subject: Re: A few more GnuPG / NAI questions
> [I removed the crosspost to -devel]
> On Fri, 7 Jan 2000, Simpson, Sam wrote:
> > a) Will GnuPG support "as standard" RSA (with or without
> IDEA) from Sept
> > 2000?
> Sure. However I still think that DSA keys are better.
FWIW, I agree totally - but there are still many "die hard" RSA users that refuse to change (DUH!). <SNIP RE: getting the decrypted session key>
> If you need this, someone will probably be able to implement it
> you and Shashdot will get a long thread ...
Yes, I see your point. Someone will see that you can get at the decrypted session key and (out of ignorance...) shout about how this is insecure :(
> > e) Question on key prefs(gpg --edit-key x|
> pref)....NAI/PGP created keys
> > report "S2 S3 S1" whilst GnuPG keys (of either type) report
> "S10 S3 H3 H2 Z2
> > Z1". I guess Sx refers to symmetric cipher whilst Hx is
> Hash and Zx is
> This means: Get the cipher algorithm by doing an intersection
of your
> software algorithm list with Twofish, CAST5, 3DES
3DES is implicitly tagged onto the end...
> and use the first
> match. Same for hash algorithms and compression algorithm
This makes Twofish the default algorithm if two GnuPG implementations (e.g. S10 first in the key options!) are used?
> > compression....My questions on this are: Is the first item
> in the list the
> > "prefered" option? Why isn't S3+S4 included in the GnuPG
> list? Why does
> You mean S3, S1? S1 is IDEA and not supported by GnuPG so it
does not
> make sense to create keys which advertise that IDEA may be
used. (I'm probably confused on this option but...) I meant S3 + S4 - S3 is CAST & S4 is Blowfish - these two are supported by GnuPG and I'd expect them to be in this list.
> New GnuPG keys have Blowfish again in their list, as it has
turned out
> that it will take some more time to resolve some problems with
> extensions.
Not a key I've just created (w/v1.0.0).
> > NAI/PGP list only symmetric ciphers whereas GnuPG offers a
> more complete
> > list?
> GnuPG is better ;-). There are some defaults defined, so that
> is not real need for this in PGP.
I see.
> And PGP is not OpenPGP compliant.
Yes, so it would appear ;) Regards, Sam Simpson Communications Analyst - -- http://www.scramdisk.clara.net/ for ScramDisk hard-drive encryption & Delphi Crypto Components. PGP Keys available at the same site. -----BEGIN PGP SIGNATURE----- Version: 6.0.2ckt http://members.tripod.com/IRFaiad/ iQA/AwUBOHYdi+0ty8FDP9tPEQL+swCgnPj8HiYorZagn3DTz5t0xfTesfAAn2PK br/1Lf5kJAB80guc2/kzLhYl =CI4W -----END PGP SIGNATURE-----