Symmetric cipher selection order, RSA keys

David Shaw dshaw@jabberwocky.com
Wed May 22 16:18:01 2002


On Fri, May 17, 2002 at 01:54:57PM -0400, David Shaw wrote:
> On Fri, May 17, 2002 at 04:30:51PM +0000, Brian M. Carlson wrote:
> > On Mon, May 13, 2002 at 07:29:08AM -0700, David Hollenberg wrote:
> > > I got GNUPG 1.0.7 and installed it on Solaris and it works great!  But I 
> > > have a few questions:
> > > 
> > > 1. Suppose I encrypt a message to two public keys, whose symmetric cipher
> > >    preferences are:
> > > 
> > > 	Key 1:  AES, CAST5, 3DES
> > > 	Key 2:  CAST5, AES, 3DES
> > > 
> > >    Which cipher will GNUPG pick?  Can I influence GNUPG's choice
> > >    (e.g., via a list of ciphers that *I* prefer), other than by
> > >    using the --cipher-algo option?  What algorithm for selecting
> > >    symmetric cipher do other versions of PGP use, when there is
> > >    more than one choice?
> > 
> > I don't know. This is a question for Werner or David.
> 
> (Sorry - missed this message when it was first posted)
> 
> Anyway, GnuPG will pick either AES or CAST5 in this case, depending on
> the order in which the keys are given during encryption.  You can
> influence these choices with --cipher-algo (which forces a given
> algorithm, disregarding the preferences), and --disable-cipher-algo
> which removes a given algorithm from the available list.

After thinking about this some more, I think that a list of algorithms
that the user favors is a good idea.  I've added
"--personal-preference-list" to the CVS.  GnuPG will take this list
into account when picking algorithms.

You can't use it to violate the RFC by forcing an algorithm that the
recipients do not have - it only applies to cases where there are
common algorithms among all recipients and in the personal preference
list.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson