Symmetric cipher selection order, RSA keys

David Shaw
Fri May 17 19:54:01 2002

On Fri, May 17, 2002 at 04:30:51PM +0000, Brian M. Carlson wrote:
> On Mon, May 13, 2002 at 07:29:08AM -0700, David Hollenberg wrote:
> > I got GNUPG 1.0.7 and installed it on Solaris and it works great!  But I 
> > have a few questions:
> > 
> > 1. Suppose I encrypt a message to two public keys, whose symmetric cipher
> >    preferences are:
> > 
> > 	Key 1:  AES, CAST5, 3DES
> > 	Key 2:  CAST5, AES, 3DES
> > 
> >    Which cipher will GNUPG pick?  Can I influence GNUPG's choice
> >    (e.g., via a list of ciphers that *I* prefer), other than by
> >    using the --cipher-algo option?  What algorithm for selecting
> >    symmetric cipher do other versions of PGP use, when there is
> >    more than one choice?
> I don't know. This is a question for Werner or David.

(Sorry - missed this message when it was first posted)

Anyway, GnuPG will pick either AES or CAST5 in this case, depending on
the order in which the keys are given during encryption.  You can
influence these choices with --cipher-algo (which forces a given
algorithm, disregarding the preferences), and --disable-cipher-algo
which removes a given algorithm from the available list.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson