Werner Koch wk@gnupg.org
Mon, 8 Jan 2001 09:39:38 +0100

On Sun, 7 Jan 2001, Peter Schuller wrote:

> I'm just wondering; in what manner is Rijndael supported? I see no mention
Rijndael (aka AES) is fully supported. Because it is a symmetric cipher you won't see it in the key generation menu. However, Rijndael is listed with top priority in the preferences for symmetric algorithms.
> I may be confused about this, but the way I understand it one algorithm is
> used to encrypt/decrypt actual content, and one algorithm is used to encrypt
> the private key with a passphase.
The default algorithm used to protect the passphrase is CAST5. The default algorithm used for symmetric only encryption (gpg -c) is also CAST5 - you change this with the option --cipher-algo RIJNDAEL. If you use --s2k-cipher-algo RIJNDAEL both, passphrase protection and symmetric only encryption, uses RIJNDAEL. Unless you use --cipher-algo, the symmetric algorithm used for normal public key encryption is calculated by looking at the preferences of all recipients keys.
> Also, does Rijndael support arbitrary key sizes? I've seen horrifying
> statements that it supports "256 bit keys" (and similar) which would
> indicate that it does *not*.
AES is defined to allow 3 key seizes: 128, 192, 256 bit. I don't suggest to use 192 or 256 because this is just overkill for almost all applications of GnuPG. Werner -- Werner Koch <wk@gnupg.org> GNU Privacy Guard (http://www.gnupg.org) Free Software Foundation Europe (http://www.fsfeurope.org) [Please see X-* mail header for OpenPGP key info] -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org