Symmetric cipher selection order, RSA keys
David Hollenberg
dhollen@mosis.org
Fri May 17 13:14:08 2002
I got GNUPG 1.0.7 and installed it on Solaris and it works great! But I
have a few questions:
1. Suppose I encrypt a message to two public keys, whose symmetric cipher
preferences are:
Key 1: AES, CAST5, 3DES
Key 2: CAST5, AES, 3DES
Which cipher will GNUPG pick? Can I influence GNUPG's choice
(e.g., via a list of ciphers that *I* prefer), other than by
using the --cipher-algo option? What algorithm for selecting
symmetric cipher do other versions of PGP use, when there is
more than one choice?
2. Can GNUPG generate RSA encryption keys or sign and encrypt keys?
If not, will it ever do so? The only RSA choice I an find is "RSA
sign only".
3. My company needs to be able to receive encrypted files (encrypted to
our public key) that we will decrypt. There is no requirement for
signature verification and we don't need to send encrypted files to
others. I would rather not support PGP 2.6.x. If we do have to
support it, we could generate an RSA key from PGP 2.6.x, self-sign
it, import it into GNUPG and publish it as our 2.6.x public key (we
are licensed to use IDEA). I have confirmed that this works, but
would this be a violation of the "no commercial use" clause of the 2.6.x
license? The public key would be generated by 2.6.x but only used
by GNUPG.
4. Does anyone have any idea what percentage of people still use 2.6.x
instead of a (more or less) OpenPGP compliant version of PGP?
Is this percentage declining?
5. I noticed that CERT issues a new public key periodically with a one
year expiration period. If we don't need to sign messages, is
this a good model to use?
Thanks for any help you can provide and thanks for a fantastic program.
David Hollenberg dhollen@mosis.org http://www.mosis.org/
MOSIS Service Voice 310-448-8704
Information Sciences Institute FAX 310-823-5624
University of Southern California
4676 Admiralty Way
Marina del Rey, CA 90292