Can you clarify when data compression is used?

David Shaw dshaw at
Tue Feb 5 04:52:22 CET 2008

On Mon, Feb 04, 2008 at 09:26:14PM -0600, Kevin Hilton wrote:
> Im aware of the personal cipher preferences and personal hash
> preferences, but when talking about the defaults I specifically asking
> if gpg were installed from source -- no modifications made -- and gpg
> keys were created - what default cipher and hash would be listed first
> in the list with the keys?
> Without any intervention
> gpg-key-gen
> It appears to manually choose a DSA signing key (DSA vs DSA2 --
> ambiguous since the man pages contain a switch to --enable-dsa2 in the
> gpg.conf file) with SHA1 hash -- or at least the SHA1 hash is ranked
> first in the key preference list

As I said earlier, DSA.  Trust me.  It's really DSA.

DSA doesn't have a particular hash (so it can't have SHA1 or anything
else as a hash).  It has a hash length.  Don't get hung up on the
DSA/DSA2 thing.  In actuality, there is no such algorithm as "DSA2".
Most people call DSA with a key larger than 1024 bits or a hash larger
than 160 bits "DSA2" for convenience.  All the --enable-dsa2 switch
does (and again, it's off by default in 1.4.8 and 2.0.8), is allow you
to generate a DSA key that is larger than 1024 bits or has a hash
larger than 160 bits.

> For the encryption key - a ElGamal 2048 bit key is the default with
> AES chosen as the first cipher contained in the key cipher preference.

No.  The first cipher is AES256.  AES and AES256 are not the same
cipher (AES in OpenPGP is AES128).
> What I want to know is obviously GnuPG comes with a
> --default-preference-list "built-in".  If I dont specify this setting
> in the gpg.conf file, what string is used by default?  This would
> basically reveal the order and list of all the defaults for ciphers,
> hashes, and compression settings.

As of 1.4.8 and 2.0.8, and subject to change in future versions:

Cipher:      AES256, AES192, AES, CAST5, 3DES
Hash:	     SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, None

You could see this for yourself: generate a key, and run "showpref" on
it (which is in the manual, by the way).


More information about the Gnupg-users mailing list