Cipher in public key
MindFuq
mindfuq@comcast.net
Sun Nov 3 17:47:01 2002
* lomax <lomax@zmail.sk> [2002-11-01 17:56]:
>
> when creating the keys,,, I'm not asked about the cipher-algorithm.
You might say it's a shortcoming of GPG. When you generate an
asymmetric key pair, the private key is encrypted with a symmetric
algorithm using your chosen passphrase as the key. It would be nice
if the key generator would ask you what symmetric algorithm you
prefer, and default it for users who might not know what they're
doing.
I believe GPG simply defaults to CAST5 unless you override it w/ the
--s2k-cipher-algo switch.
> however, if I take a look, at my public key in PGP 8.0, it refers to
> my key as type: DH/DSS, which is right and then: cipher - AES-128.
>
> how is the cipher-algorithm related to the key? [I thought it's
> independent from the key]
> why is it showing AES-128? is there a way to put there something else?
Now this is a different than the case above. AES128 is a property in
your certificate that merely recommends which symmetric algorithm to
use. So here's what will happen if you distribute your certificate
with AES128 as your preferred crypto: the person who sends you a
message will know that you would like to receive AES128 messages, and
if their software supports it, that is likely what will be used,
unless they override it.
In GPG, you can go and change your preferred algorithm to whatever you
want using the --edit-key command. Keep in mind the sender has
ultimate authority, and can override it with whatever they want when
they encrypt a message.
BTW- if you're going to post to a mailing list by replying to some
unrelated thread, you should remove the In-Reply-To header field so it
doesn't appear to readers like a response to the unrelated thread. It
looks like you were following up the "Web of Trust" thread.