Can you clarify when data compression is used?

David Shaw dshaw at jabberwocky.com
Mon Feb 4 19:18:38 CET 2008


On Mon, Feb 04, 2008 at 07:35:11AM -0600, Kevin Hilton wrote:
> >
> >
> > The one specific piece of advice:
> >
> >  * Unless you can articulate a clear need why the defaults will not
> >    work for your purpose, stick with the defaults.
> 
> I think I've seen this piece of advice before, and for the most part I
> agree with it.  The problem I have is that nowhere in the
> documentation are the defaults specified.  You want me to trust the
> defaults, but my contention is, at least tell me what the defaults are
> -- no explanation needed.  We had this discussion with the default
> cipher and hash choices.  When you tell me that dsa2 is enabled by
> default (in newer GnuPG versions), yet in the man pages there is
> still a --enable-dsa2 flag, I hope you understand my confusion.

DSA2 is not enabled by default.  It can be enabled with --openpgp or
--rfc4880 (or --enable-dsa2 of course).

> I'm still confused what default cipher is chosen automatically (for
> me it's AES).

There isn't a straightforward answer.  Basically, there is a list of
ciphers that is put in each key by default.  Currently that list is
AES256, AES192, AES, CAST5, and 3DES, but it can be changed at key
generation time (via the --default-preference-list option), or any
time afterwards (via the --edit-key command "setpref").

At encryption time, the list of possible ciphers is retrieved from
each recipient key, and a cipher is chosen that all recipients can
handle.  This guarantees that you never send a message that your
recipient won't be able to read.

It isn't always AES for you - it's just that for that particular
message, AES happened to work for all the recipients.

David


