Symmetric cipher selection order, RSA keys

David Hollenberg
Fri May 17 13:14:08 2002

I got GNUPG 1.0.7 and installed it on Solaris and it works great!  But I 
have a few questions:

1. Suppose I encrypt a message to two public keys, whose symmetric cipher
   preferences are:

	Key 1:  AES, CAST5, 3DES
	Key 2:  CAST5, AES, 3DES

   Which cipher will GNUPG pick?  Can I influence GNUPG's choice
   (e.g., via a list of ciphers that *I* prefer), other than by
   using the --cipher-algo option?  What algorithm for selecting
   symmetric cipher do other versions of PGP use, when there is
   more than one choice?

2. Can GNUPG generate RSA encryption keys or sign and encrypt keys?
   If not, will it ever do so?  The only RSA choice I an find is "RSA
   sign only".

3. My company needs to be able to receive encrypted files (encrypted to
   our public key) that we will decrypt.  There is no requirement for
   signature verification and we don't need to send encrypted files to
   others.  I would rather not support PGP 2.6.x.  If we do have to
   support it, we could generate an RSA key from PGP 2.6.x, self-sign
   it, import it into GNUPG and publish it as our 2.6.x public key (we
   are licensed to use IDEA).  I have confirmed that this works, but
   would this be a violation of the "no commercial use" clause of the 2.6.x
   license?  The public key would be generated by 2.6.x but only used
   by GNUPG.

4. Does anyone have any idea what percentage of people still use 2.6.x
   instead of a (more or less) OpenPGP compliant version of PGP?
   Is this percentage declining?

5. I noticed that CERT issues a new public key periodically with a one 
   year expiration period.  If we don't need to sign messages, is
   this a good model to use?

Thanks for any help you can provide and thanks for a fantastic program.

David Hollenberg
MOSIS Service                            Voice 310-448-8704
Information Sciences Institute           FAX   310-823-5624
University of Southern California
4676 Admiralty Way
Marina del Rey, CA 90292