CAMELLIA
John W. Moore III
jmoore3rd at bellsouth.net
Thu Jun 12 13:42:19 CEST 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Laurent Jumet wrote:
> Hello !
>
> Is CAMELLIA implemented in 1.4.9 or should we install a plug-in like IDEA.DLL ?
"Implemented" = Yes; in that it is present but Camellia is *not* Enabled
by default. In order to Enable Camellia You will need to Build GnuPG
with the --enable-camellia Flag in place. Before You rush to do this
however I think You should re-read the Cautionary Message from David
Shaw regarding the advisability of this:
****************************************************************************
Some people have noticed that I recently committed support for the
Camellia cipher in GnuPG. Here's the story behind that.
Camellia is not currently part of OpenPGP, and will also not be part
of the upcoming "2440bis" updating of RFC-2440. It has been proposed,
however, that right after 2440bis is published, the OpenPGP Working
Group take the necessary steps to add Camellia. To simplify
interoperability testing between different OpenPGP implementations,
I've added Camellia to GnuPG. Naturally, it is disabled by default
and the only people who should really enable it are those doing
interoperability work.
While it is impossible for me to stop people from enabling and using
it, be warned of a few things: first, Camellia isn't part of OpenPGP
yet, and if for whatever reason it doesn't become part of OpenPGP, you
won't be able to decrypt anything you've encrypted with Camellia.
Similarly, as Camellia has not been assigned an OpenPGP cipher number,
I've picked 11 (the next unassigned number). If Camellia gets
approved with a different number, you won't be able to decrypt
anything you've encrypted with this version of Camellia. Finally, if
there is some error in the current GnuPG usage of Camellia that we
later fix, you again won't be able to decrypt.
I'm not going to go into whether Camellia is considered strong or not,
as it's not really relevant to this discussion: even if Camellia was
the strongest cipher in the world, you should still not enable it for
the reasons given above.
Rest assured that if/when Camellia is approved (or even on a
reasonable track to approval), it will be enabled for general use.
David
******************************************************************************
I "re-printed" this here to refresh the memories of folks who may have
missed/forgotten David's original comments on Camellia.
33
JOHN ;)
Timestamp: Thursday 12 Jun 2008, 07:41 --400 (Eastern Daylight Time)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.5.0-svn4754: (MingW32)
Comment: Public Key at: http://tinyurl.com/8cpho
Comment: Gossamer Spider Web of Trust: https://www.gswot.org
Comment: Homepage: http://tinyurl.com/yzhbhx
iQEcBAEBCgAGBQJIUQuZAAoJEBCGy9eAtCsPrkwIAKeFHntAmngQwW+S5oOxKO6t
Gd5ocuzNPjdcy3QZPrMPoSxR/K/V7bY0w2bP5M+NnMc9oy24fS1FiGYGVrscUCJY
/V0jMBvRwRb/ouIn57HefV6gVOtjVQ4UtWv2AIRIbn9WnnT21qGc13QVUNYlT6Xv
Rg9iPryYD/Ib/NcJYJ4SKy0evNezPxILtmrzlVR6k5KtCPDFIzj/0Jb3UhUqNbDc
54WAXzubz2sfYJRSwlnkN26xuqrS8PMGmoYxbfKpn3zAWh9ZprXwjjJPjPumkgKx
qZiClAooJbOT5nZ6l3qvmR7XFUb/JUasypIBLVzNBO8UBZVjWzIspuqW9k5n1KM=
=1n4n
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list