Question abut use of --cipher-algo AES & --openpgp

Henry Hertz Hobbit hhhobbit at securemecca.net
Fri Nov 3 01:10:11 CET 2006 

On Thu, 2006-11-02 at 16:26 -0500,  Patrick R. Dunbar
<pdunbar at boothnewspapers.com> wrote:


> I am required to encrypt a document using the --cipher-algo AES switch
> using gpg on a Solaris 10 system using gpg (GnuPG) 1.2.6.
> The company that is receiving this file requires that the file be
> encrypted with the --openpgp switch.
> I have run --edit-key showpref on the receiving key and it shows that
> AES is a usable cipher.
> 
> My question: does the --openpgp switch interfere with the --cipher-algo
> AES switch?
> Also is there any way to check if a gpg encrypted file is encrypted
> using AES?
> 
> Thanks in advance for any replies.

The --openpgp should not cause any problems for you.

For all of the following, I used the exact same file to encrypt and
the same password and only changed the encipher program. I give the
first six bytes of each file for each cipher method:

3DES:		8C 0D 04  02 03 02
CAST5:		8C 0D 04  03 03 02
BLOWFISH:	8C 0D 04  04 03 02
AES:		8C 0D 04  07 03 02
AES192:		8C 0D 04  08 03 02
AES256:		8C 0D 04  09 03 02
TWOFISH:	8C 0D 04  0A 03 02

It looks like byte four is your key, and 0x07 is what indicates an
AES enciphered file.  But if you are using AES192 it would be 0x08,
and AES256 would be 0x09.  Tell me if I got it wrong people!  The
reason why is rather than the "file" program saying "data", it
could tell from the first three bytes that the file is an OpenPGP
(only GnuPG?) file with a symmetric cipher (the 03 02 in bytes 5-6?),
and the fourth byte can tell us which cipher it is.

I ordered them in ascending order NUMERICALLY, not in choice of
cipher, but they are roughly in order for that as well (with
TWOFISH some where in among those AES ciphers, not necessarily
better than any of them).  Does that do it for you?  I could send
you the program to do it, but it would have to be compiled on
Solaris 8 which is all I have available to me.  This really does
need to be integrated into all of the vendors "file" program on
all of the nixes.

I wouldn't worry too much about AES.  Both PGP and GnuPG and a
lot of other programs will handle it if that is REALLY what you
are asking.  I think it is what you are asking.  I decided to
turn on the fire hose 8^).  Hey, you asked for it and "file"
didn't provide it!  I would use C, but you could use PERL and
do it yourself.

HHH

More information about the Gnupg-users mailing list