Session Key Questions

David Shaw dshaw at
Wed Sep 17 18:21:42 CEST 2008

On Wed, Sep 17, 2008 at 11:04:29AM -0500, Kevin Hilton wrote:
> >> for ?? historical reasons of compatibility ?? with pgp 5+
> >> the default cipher that will be used for encryption, and also for
> >> protection of the secret key, is CAST-5, not 3DES
> >Nope, 3DES is the only MUST cipher algorithm and thus used as the
> >last-resort if the preference system can't decide upon on the
> >algorithm.
> >CAST5 is like IDEA only a SHOULD in OpenPGP as per rfc2440.  The
> >updated OpenPGP (rfc4880) changed this SHOULD algorithms to AES-128
> >and CAST5 but kept 3DES as MUST algorithm.
> So what is GnuPG's default implementation is no symmetric cipher is
> specified?  Since it includes AES-128, CAST5, and 3DES in all recent
> distributions, does it use AES-128 or 3DES as the default symmetric
> cipher if no cipher is specified on the command line, or within the
> sender's gpg.conf file?  I would assume that it would look at the
> preferences of the public encryption key, and likely pick the first
> cipher on the list.


> Since in most recent versions of GPG, AES256 is
> the first algorithm specified (as demonstrated with the showpref
> command), that the sender in turn would reply with an AES256
> symmetrically encrypted message (if possible).  If an older version of
> GPG were being used that didnt support AES, it would likely then
> choose among rank ordered subsequent algorithms as shown in the
> setpref commad.  Following this logic however, it would seem for me
> that CAST5 would be chosen preferentially rather than 3DES:
> Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA


> Other than for backward compatibility purposes, I thought the
> encryption community had turned their backs on CAST5, but not 3DES.


I think you're confusing the notion of the "default" algorithm with
the "preferred" algorithm.  The default algorithm in OpenPGP is 3DES.
It is the algorithm that is always available, and everyone must
accept.  There is a preference system within OpenPGP that allows
people to specify what they might like more than 3DES, and if it is
possible, OpenPGP will give people what they like.

When you generate a new key with GPG (and PGP too, for that matter), a
preference is set for AES256.  This means that AES256 will be chosen
in most cases.  3DES is still the default though.


More information about the Gnupg-users mailing list