Session Key Questions

Kevin Hilton kevhilton at
Tue Oct 21 16:48:47 CEST 2008

>Depends on what algorithm you're using for the symmetric cipher.  A 128-bit cipher gets a 128-bit session key, a 256-bit cipher gets a 256-bit session key.  The only exception might be 3DES, which >technically requires a 192-bit session key, but since only 168 bits get used, there could be some discrepancy there.
>> When the session key is randomly generated (asymmetric encryption),
>> how large is the session key?  Is the length set or does it depend on
>> other parameter such as the length of the DSA/RSA key or hash?
> It is the key size of your symmetric cipher.  So AES256 == 256 bits, AES128
> == 128 bits, etc.

Thanks for rapid response -- I guess I'm missing out on some of the
more basic details.  Just a quick followup.  If I'm planning on using
gpg to symmetrically encrypt a file for example, and choose a
password.  This password is salted and hashed.  Say for theoretical
reasons SHA512 was used to perform the hashing producing a 512 bit
hash result.  Would then hash then be rounded, or the right most bits
excluded if it were to used with AES encryption (which requires a 128
bit key)?  In the opposite situation, say SHA1 produced a 160 bit hash
result and I wanted to use AES256 (which requires a 256 bit key) --
would "extra bits" be added onto the hash result to pad the results up
to 256 bits?

Using the defaults as provided in the standard gpg.conf file -- what
hash is used in the normal salting/hashing process during symmetric
encryption?  I dont believe this is the s2k-digest-algo since this is
for key protection.

Kevin Hilton

More information about the Gnupg-users mailing list