Removing AES

Adam Pavelec apavelec at benefit-services.com
Tue Feb 10 12:00:01 CET 2004 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday, February 10, 2004 11:17 AM [GMT-5=EST], David Shaw
<dshaw at jabberwocky.com> wrote:

>> Is it possible to create a new GPG key that excludes any
>> and all AES algorithms.  If so, how would one go about
>> doing such a thing?
> 
> This is a "how do I use this blowtorch to turn this screw"
> sort of question.  The underlying assumption is incorrect,
> so the request (removing AES) won't solve the problem.
> 
> If you can post some details about what isn't working, and
> what happens when you try, then we can likely help you. 
> Hundreds, if not thousands, of people use GnuPG along with
> PGP 7 and 8 every day. 
> 
> Be specific about what you did, and what you saw.

Personally, I didn't do or see anything.  My organization has a
key that was created with GPG version 1.2.3 using the default
options.  The party who is attempting to encrypt data to this
key "has determined that the version of PGP that is being used
(PGP 7.0.1) contains a bug that prevents it from generating a
ciphertext file as output when the AES256, AES192, and AES128
symmetric algorithms are defined as the preferred symmetric
Algorithms in an imported PGP key.  The exact nature of the bug
is unknown at this time."

Their report goes on to state that they "have demonstrated that
the bug affects keys generated with PGP v8.0.2 and all GnuPG
versions due to the default options...  Specifically, these
products apparently default to generating keys that specify the
AES symmetric algorithms as the first three preferred
algorithms."

Until they upgrade their PGP installation, they state that it is
impossible to encrypt data to our GPG-created key unless we
provide them with an "encryption key [that] must be either
created or edited to exclude AES variations from the preferred
set of symmetric algorithms specified in the key."

Again, I am uncertain to the validity of this claim, but I have
since created a new key that I have set (and updated) the
preferences to exclude any AES algorithms.  If you are
interested, I will let you know if this new key is interoperable
with their current PGP install.

Adam


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4

iD8DBQFAKQ3qDwRQnkBSh2sRAjzNAJ9O9Wiycs2ztZFLPiWOL9fudhAONACgjX4D
dm0AW6iuvG98WKksAN2m1vw=
=JHlF
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list