Question regarding s2k algorithms

Kevin Hilton kevhilton at
Mon Nov 17 03:11:20 CET 2008

Just wondering specifically is the option

Does this option specifically refer to one particular digest algorithm
or a list of algorithms.  I'm just thinking there may be a problem
with a few different scenarios if this refers to only one algorithm if
for example the SHA256 algorithm is used.
1. Symmetric Encryption -- Using symmetric encryption to specifically
password protect a file, the chosen password is salted and hashed with
the algorithm specificied with the s2k-digest-algo.  I would assume
however if this file along with the password was distributed, that the
recipient's gpg version would need to specifcally have to have the
SHA256 enabled in their build or a problem would result.

2. Asymmetric Encrytion -- Am I wrong to assume, but isn't the session
key salted and hashed in the same manner?  Again, wouldn't the
recipient need the specific hashes installed.


If you are using a "stock" gpg.conf file, and say for example this
variable is set to Camellia, or IDEA.  If you use this "stock"
gpg.conf file with another gpg version that doesn't have these ciphers
compiled in -- What results?  A default back to CAST5?  What if you
change this parameter after keys are already stored on the keyring?
Will this confuse things?

And lastly what specifically is the purpose of the -for-your-eyes-only
flag?  Is this option currently still in use, or only included for
backwards compatibility purposes.

Kevin Hilton

More information about the Gnupg-users mailing list