GnuPG Defaults

Robert J. Hansen rjh at
Wed Sep 17 06:50:17 CEST 2008

Kevin Hilton wrote:
> I'm sure it's probably contained in one of the RFCs; however, when were
> DSA signing keys and ElGamal Encryption keys, along with the AES-256
> cipher and SHA1 digest chosen as the defaults for key generation?  Any
> particular reasons these were chosen as the defaults?

DSA-1024 is a MUST in the RFC, and therefore is interoperable with every
conforming OpenPGP implementation.  Likewise with SHA-1.

AES is a SHOULD, and is interoperable with the great majority of OpenPGP
applications (PGP 7.1+).

As DSA-2048 and DSA-3072 support becomes more commonplace (read: as
people migrate away from older versions of PGP and GnuPG, a process that
takes astonishingly long), you can expect to see the defaults change.  I
don't know too many people who are still enthusiastic about DSA-1024,
although it's still considered infeasible to break it.
