Question abut use of --cipher-algo AES & --openpgp

Peter S. May me at psmay.com
Mon Nov 6 20:21:49 CET 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Johan Wevers wrote:
> Henry Hertz Hobbit wrote:
> 
>> *	3DES:           8C 0D 04  02 03 02
>> *	CAST5:          8C 0D 04  03 03 02
>> *	BLOWFISH:       8C 0D 04  04 03 02
>> *	AES:            8C 0D 04  07 03 02
>> *	AES192:         8C 0D 04  08 03 02
>> *	AES256:         8C 0D 04  09 03 02
>> *	TWOFISH:        8C 0D 04  0A 03 02
> 
> I guess IDEA is 8C 0D 04  01 03 02.
> 

For various reasons (in particular, the flexibility of packet formats in
OpenPGP), you _must not_ expect the fourth byte of a message to always
represent the cipher algorithm; it can appear elsewhere.  If you need to
know what cipher algorithm the message you have is in, pipe it to

gpg --list-packets --list-only

If you just want the number, try this:

gpg --list-packets --list-only 2>&1 | \
 perl -n -e '/^:symkey enc packet:.*?cipher (\d+)/ and print "$1\n"'

The number that results, if any, maps according to RFC 2440 or its most
current de facto variant.  bis-18
(<http://www.ietf.org/internet-drafts/draft-ietf-openpgp-rfc2440bis-18.txt>)
lists these ciphers:

        ID           Algorithm
        --           ---------
        0          - Plaintext or unencrypted data
        1          - IDEA [IDEA]
        2          - TripleDES (DES-EDE, [SCHNEIER] [HAC] -
                     168 bit key derived from 192)
        3          - CAST5 (128 bit key, as per RFC 2144)
        4          - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
        5          - Reserved
        6          - Reserved
        7          - AES with 128-bit key [AES]
        8          - AES with 192-bit key
        9          - AES with 256-bit key
        10         - Twofish with 256-bit key [TWOFISH]
        100 to 110 - Private/Experimental algorithm.

If you'd rather have the name, try

gpg --list-packets --list-only 2>&1 | \
 perl -n -e '/^gpg: (.*?) encrypted data$/ and print "$1\n"'

And note that this is not likely to work as expected on anything that
isn't symmetric-encrypted input.

Have fun
PSM
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFT4tEei6R+3iF2vwRAuP6AJ4kvPtpt/3Ponzqr4JUdrNS6H5EpgCcCMS5
GC8pte0laTZU/EBDdO8t488=
=vug9
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list