1.07 RSA support questions

David Shaw dshaw@jabberwocky.com
Mon Jun 3 19:14:01 2002

On Mon, Jun 03, 2002 at 10:32:42AM -0500, Larry Ellis wrote:
> David Shaw wrote:
> >
> > > 1. When encrypting to a legacy RSA key, I get 3DES, not IDEA, as my
> > > cipher choice even though the IDEA plugin is installed.  I have no
> > > cipher override in the options file, though at one time I *did* have
> > > 3DES there...  Of course, if --pgp2 is used, IDEA *is* used as
> > > expected.  Perhaps I should place --pgp2 in my options file? Are there
> > > any disadvantages to doing so?
> >
> > Yes, there are.  If "pgp2" is set in the options file, GnuPG disables
> > certain options that you might want to use (like sign&encrypt in one
> > step!)
> >
> Ok, then I'd best not put pgp2 in my options file.  This still leaves open
> one question:  why would 3des be chosen as the default cipher for a legacy
> RSA key?   1.06 used RSA/IDEA as I recall, while as opposed to 1.07's
> RSA/3DES (at least this is happening for me).
> Is this a change in behavior, or a possible bug?

Not a bug or change in behavior.  1.0.6 did RSA/3DES also.

The reason that GnuPG does not use IDEA for legacy keys by default is
that it has no way to know the capabilities of the OpenPGP program on
the other side.  IDEA is not required by OpenPGP, so without a
preference list to tell GnuPG that IDEA is a possibility, it can't
safely use it.  Preference lists generally don't exist on legacy keys,
though if one is present, GnuPG will use it.  The current development
GnuPG allows you to add a preference list to a legacy key.

When you use --pgp2 you are telling GnuPG that you *know* the program
on the other side can handle IDEA, so it uses it.


   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson