Available and default options

David Shaw dshaw at jabberwocky.com
Mon Feb 26 21:52:31 CET 2007


On Sat, Feb 24, 2007 at 02:15:10PM -0800, Dan Tipton wrote:
> Hello,
> 
> I have a question about how GPG assigns default
> preferences to a key. When I check the version I get a
> list of supported ciphers, digests, etc:
> 
> Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256,
> TWOFISH
> Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512
> Compression: Uncompressed, ZIP, ZLIB, BZIP2
> 
> But then when I create a key with the default settings
> & do a showpref, the key doesn't include all supported
> options:
> 
> Cipher: AES256, AES192, AES, CAST5, 3DES
> Digest: SHA1, RIPEMD160
> Compression: ZLIB, ZIP, Uncompressed
> 
> 
> It seems to me that the key should include all the
> options it is capable of using.

This is an example of "be liberal in what you accept, conservative in
what you generate".  In theory, it shouldn't matter what algorithms
were listed in the preference list as the OpenPGP protocol would never
allow using an algorithm that couldn't be handled by all users.

In practice, however, it turned out that not all programs properly
handled preferences, and there were issues with people generating a
key with one program and using it on another without resetting the
preferences to what the new program could handle, and things like
that.

Even though most of the old systems are no longer used, the end result
is the preference list as you see it now, and there is high confidence
that it will interoperate with anything.  Nothing stops you from
putting whatever algorithm you want in there, of course.

David
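
The selection behaviour described in the reply above, sketched as an added example (not part of the original message and not GnuPG's code): a sender may only use a cipher that appears on every recipient's preference list, with 3DES, OpenPGP's mandatory cipher, treated as implicitly present on each list. The `SUPPORTED` and `DEFAULT_KEY` lists are copied from the question; `EDITED_KEY`, `LEGACY_KEY` and the ranking rule are assumptions made for illustration.

```python
# Added illustration: choosing one symmetric cipher for several recipients.
IMPLICIT = "3DES"  # mandatory OpenPGP cipher, implicitly on every preference list

def effective_prefs(prefs):
    """Return a key's cipher preferences with 3DES appended if absent."""
    out = list(dict.fromkeys(prefs))  # drop duplicates, keep order
    if IMPLICIT not in out:
        out.append(IMPLICIT)
    return out

def select_cipher(sender_supported, recipient_prefs):
    """Pick a cipher that every recipient lists and the sender implements.

    Ranking rule (an assumption of this example, not GnuPG's exact logic):
    lowest summed list position wins; ties follow the sender's own order.
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = [c for c in sender_supported if all(c in l for l in lists)]
    if not common:
        raise ValueError("no common cipher: sender does not implement 3DES")
    return min(
        common,
        key=lambda c: (sum(l.index(c) for l in lists), sender_supported.index(c)),
    )

# From the question: ciphers the program supports, and the default key's list.
SUPPORTED = ["3DES", "CAST5", "BLOWFISH", "AES", "AES192", "AES256", "TWOFISH"]
DEFAULT_KEY = ["AES256", "AES192", "AES", "CAST5", "3DES"]
# Constructed samples: a key whose owner put TWOFISH first, and an old key.
EDITED_KEY = ["TWOFISH", "AES256", "AES"]
LEGACY_KEY = ["CAST5"]

if __name__ == "__main__":
    print(select_cipher(SUPPORTED, [DEFAULT_KEY, EDITED_KEY]))
    print(select_cipher(SUPPORTED, [DEFAULT_KEY, EDITED_KEY, LEGACY_KEY]))
```

Adding `LEGACY_KEY` as a recipient leaves 3DES as the only cipher common to all three lists, which is the interoperability floor the conservative default list relies on.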


