Determining algorithm to be used?

David Shaw dshaw at jabberwocky.com
Fri Nov 19 14:04:34 CET 2004


On Fri, Nov 19, 2004 at 11:13:21AM +0100, Henry Andrew wrote:
> Hi,
> 
> If I encrypt a file, how can I determine which algorithm was or is used
> to encrypt it?  Is it the first algorithm in the list of algos on my
> key??
> 
> If I update prefs to make sure AES256 is first, will encryption
> automatically use this algo??

Not necesssarily.  The algorithm picker works like this:

1) Take the union of all preferences from all recipient keys.  This
   rules out any algorithm that isn't supported by all recipients.
   Note that all recipients understand 3DES, regardless of what the
   preferences say.

2) The personal-cipher-preferences list gets to be the "tie breaker".
   Whatever this lists first is the algorithm that is used, so long as
   it is still in the union (i.e. that all the keys support it).  If
   there are no personal-cipher-preferences set, then the last key is
   used as the tie breaker.

> I want to stop having to use --cipher-algo aes256 every time I encrypt.

You never want to use --cipher-algo with public key encryption.  It's
only safe to use with --symmetric.  The reason why is simple: the
above system to choose algorithms to use is safe - it will never pick
an algorithm that will result in an unusable message by one of the
recipients.  If you use --cipher-algo you override this safety net and
force the use of an algorithm that not all of your recipients can
handle.

The bottom line, if you want to use AES256, is to put this:

  personal-cipher-preferences aes256

in your gpg.conf file.  That will use AES256 whenever possible, but
will never use it if a recipient cannot handle it.

Note that personal-cipher-preferences is a GnuPG 1.4 feature.

David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 251 bytes
Desc: not available
Url : /pipermail/attachments/20041119/0321542d/attachment.bin


More information about the Gnupg-users mailing list