Session Key Questions

Kevin Hilton kevhilton at
Wed Sep 17 18:04:29 CEST 2008

>> for ?? historical reasons of compatibility ?? with pgp 5+
>> the default cipher that will be used for encryption, and also for
>> protection of the secret key, is CAST-5, not 3DES

>Nope, 3DES is the only MUST cipher algorithm and thus used as the
>last-resort if the preference system can't decide upon on the

>CAST5 is like IDEA only a SHOULD in OpenPGP as per rfc2440.  The
>updated OpenPGP (rfc4880) changed these SHOULD algorithms to AES-128
>and CAST5 but kept 3DES as MUST algorithm.

So what is GnuPG's default implementation if no symmetric cipher is
specified?  Since it includes AES-128, CAST5, and 3DES in all recent
distributions, does it use AES-128 or 3DES as the default symmetric
cipher if no cipher is specified on the command line, or within the
sender's gpg.conf file?  I would assume that it would look at the
preferences of the public encryption key, and likely pick the first
cipher on the list.  Since in most recent versions of GPG, AES256 is
the first algorithm specified (as demonstrated with the showpref
command), that the sender in turn would reply with an AES256
symmetrically encrypted message (if possible).  If an older version of
GPG were being used that didn't support AES, it would likely then
choose among rank ordered subsequent algorithms as shown in the
setpref command.  Following this logic however, it would seem to me
that CAST5 would be chosen preferentially rather than 3DES:
Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA

Other than for backward compatibility purposes, I thought the
encryption community had turned their backs on CAST5, but not 3DES.
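
Added example, not part of the original post and not GnuPG's own code: a simplified Python model of the rule in the quoted reply, where 3DES is the MUST algorithm and therefore the implicit last resort of the preference system. Ranking candidates by the first recipient's order, the function names, and the sender capability sets are assumptions; the first preference list is the one shown in the post.

```python
# Simplified model of OpenPGP (RFC 4880) symmetric-cipher selection.
# Assumptions (not GnuPG's code): candidates are ranked by the first
# recipient's preference order; sender capability sets are constructed.

FALLBACK = "3DES"  # the MUST algorithm: implicitly in every preference list


def effective_prefs(prefs):
    """Return a key's cipher preferences with 3DES implicitly appended."""
    seen, out = set(), []
    for name in list(prefs) + [FALLBACK]:
        if name not in seen:
            seen.add(name)
            out.append(name)
    return out


def choose_cipher(recipient_prefs, sender_supported):
    """Pick a cipher every recipient accepts and the sender implements."""
    lists = [effective_prefs(p) for p in recipient_prefs]
    if not lists:
        raise ValueError("at least one recipient is required")
    common = set(lists[0]).intersection(*lists[1:])
    for name in lists[0]:  # walk the first recipient's order
        if name in common and name in sender_supported:
            return name
    # A conforming sender always implements 3DES, so reaching this point
    # means sender_supported was built without the mandatory algorithm.
    raise ValueError("sender does not implement the mandatory 3DES")


# Preference list quoted in the post (showpref output).
MODERN_KEY = ["AES256", "AES192", "AES", "CAST5", "3DES", "IDEA"]
# Constructed sender capability sets.
NEW_SENDER = {"AES256", "AES192", "AES", "CAST5", "3DES"}
OLD_SENDER = {"CAST5", "3DES"}  # a build without AES support

if __name__ == "__main__":
    print(choose_cipher([MODERN_KEY], NEW_SENDER))            # first preference
    print(choose_cipher([MODERN_KEY], OLD_SENDER))            # next usable one
    print(choose_cipher([[]], NEW_SENDER))                    # key without prefs
    print(choose_cipher([MODERN_KEY, ["IDEA"]], NEW_SENDER))  # no shared SHOULD
```
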
