Leigh S. Jones
Wed May 8 16:10:01 2002

Yes, and of course there are a number of people out there using
erlier implementations of PGP that produce outputs encrypted
to idea only.  Even with the modern implementations of PGP
using DSS/ELG-E keys the senders PGP key could be set up
to accept idea only and then the message encryption performed
both keys.

But Sahar Witt took his PGP generated DSS/ELG-E key to
gpg and his customer encrypted to idea using his PGP public
key's preference, prompting my response.

vedaal wrote:

> > > Leigh S. Jones, KR6X wrote:
> >
> >  If the encrypted data will be encrypted to your
> > keys, then GnuPG 1.0.7 allows you to select your preference
> > of encryption algorithms.  PGP 6.x or 7.x will encrypt to the
> > preferred algorithms on your key.  GnuPG will decrypt this
> > data OK.  Thank you, OpenPGP Foundation.
> >
> > Of course, if you created your keys on PGP, the preferred
> > algorithm on the key will be "idea".  You can export a key
> > like this from PGP to GnuPG and be able to send messages
> > one way only -- from GnuPG to PGP.  PGP will encrypt to
> > your "idea" preference, and you'll need to add "idea" to
> > your GnuPG installation to be able to decrypt.
> >
> > But if you change the key preferences from "idea" to, say,
> > AES, then "gpg -a --export <key>" the public key back to PGP,
> > then PGP will start encrypting keys to AES.  Interoperability
> > restored.  Send the public key to the keyserver and everyone
> > with fairly up-to-date software revisions will be able to find
> > out which algorithm you prefer.
> ...
> there still remains a minor potential interoperability problem:
> if a pgp user encrypts a message to a recipient's dh key, and (by
> to his own v3 rsa key,
> (inconvenient to change a long-standing key that has come to be
known and
> trusted by many correspondents)
> and the recipient's dh key was generated in pgp
> {and therefore 'allows'  the idea cipher for that key, even if it is
not the
> preferred one}
> then the message will have 'idea' as the symmetric cipher for 'both'
> even if the pgp user specifies a different algorithm,
> as long as the 'idea' algorithm is not disabled
> now, if the recipient was a previous pgp user, and moved to gnupg,
and took
> the pgp generated dh keys with him,
> but does not use the 'idea' module, in gnupg,
> then the message will not be decryptable in gnupg
> this can easily be worked around by having the pgp user (sender)
> disable the 'idea' cipher for messages to those recipients where
this may be
> an issue
> this does not apply to gnupg users whose keys were generated in
> without the idea module,
> as then pgp will automatically pick a symmetric cipher common to
both keys,
> and not use idea
> hth,
> vedaal