GnuPG Defaults

Kevin Hilton kevhilton at
Wed Sep 17 07:27:54 CEST 2008

> 3DES is the default cipher for every and all OpenPGP compliant program.
>> Any knowledge on why ElGamal was chosen over RSA as the default
>> session key cipher?
> I'm not sure what you mean by "session key cipher".  Elgamal, like RSA, is a
> public key (aka "asymmetric") algorithm.  It was chosen largely because it
> was patent-free, and at the time, RSA was most certainly not.
> David

Just one point of clarification since I'm not using the proper
terminology, but I thought ElGamal/RSA was used only as the asymmetric
algorithm which acted to encrypt/decrypt the session key.  As with all
asymmetric key encryption algorithms, each has 3 parts: the key
generator, the encryption algorithm, and decryption algorithm.  I
thought however once the encryption key was generated, this key would
be used to encrypt the randomly generated session key -- which would
be later decrypted, and then used as input to the symmetric cipher to
decrypt the ciphertext to plain text.

And lastly -- not to beat a dead horse, but using gnupg 1.4.10
compiled from svn with the IDEA module included -- I generated a new
key and then viewed the key preferences (no changes have been made to
the gpg.conf file -- the file is in its default state).  I received
the following as the preferences:

Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
Digest: SHA1, SHA256, RIPEMD160
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify

Would not this output seem to imply the key was generated with
preference for the AES family over 3DES?  I am aware that at a minimum
keys are always created with 3DES included in the cipher preference
list.  Possibly both you and I are confusing the idea of default.  I
am aware of default in terms of compatibility that 3DES must be
included in any OpenGPG compliant implementation, however I thought as
a "default", gnupg preferred AES over 3DES (as over 1.4.8).

Kevin Hilton

More information about the Gnupg-users mailing list