Session Key Questions

vedaal at vedaal at
Wed Sep 17 19:45:05 CEST 2008

David Shaw dshaw at wrote on
Wed Sep 17 18:21:42 CEST 2008 :

>I think you're confusing the notion of the "default" algorithm with
>the "preferred" algorithm.  The default algorithm in OpenPGP is 

why then, if there are no preferences used, 
or listed in the gpg.conf file,
does gnupg use CAST-5 instead of 3DES 'by default' for symmetric 
encryption when no key is used?

c:\gnupg>gpg -c c:\t.txt
gpg: using cipher CAST5
gpg: writing to `c:\t.txt.gpg'

by when gnupg generates a new key, even though the top of the key's 
preferences is AES, the cipher which protects the secret key, is 
still CAST-5 and not 3DES

if there were a new minimalist 'open pgp implementation' that used 
only 3DES as its encryption algorithm, and gnupg sends a 
symmetrically encrypted message,
then 'by gnupg default settings' it would be incompatible.

(some people actually do send conventionally encrypted messages to 
users they know personally, ;-)

"great to hear that you're using an open-pgp program,
i'll be sending you my public key in an encrypted message that only 
needs a passphrase,
i wrote it down for you, here,
then send me a reply that is encrypted to my key"

theoretically, also
if someone wanted to use this new program that had only 3DES, and 
tried to import a keypair made with the default setting in gnupg, 
it wouldn't be usable, because the secret key is, 'by default' 
protected with CAST-5, not 3DES


any ads or links below this message are added by hushmail without 
my endorsement or awareness of the nature of the link
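
Added example, not part of the original message and not GnuPG code: a small Python reader for the Symmetric-Key Encrypted Session Key packet (tag 3, RFC 4880 section 5.3) that opens a passphrase-encrypted message, showing where the cipher choice discussed above is recorded and whether a 3DES-only implementation could read it. The function names and the sample bytes are assumptions constructed for illustration; the algorithm numbers are those of RFC 4880.

```python
# Added example (not from the original post): read the cipher octet of an
# OpenPGP Symmetric-Key Encrypted Session Key packet (tag 3, RFC 4880 5.3).
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH",
           7: "AES128", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
S2K_EXTRA = {0: 1, 1: 9, 3: 10}  # octets that follow the S2K type octet

def read_header(buf):
    """Return (tag, body_offset, body_length) for the first packet."""
    ctb = buf[0]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:  # new-format header
        tag, first = ctb & 0x3F, buf[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + buf[2] + 192
        if first == 255:
            return tag, 6, int.from_bytes(buf[2:6], "big")
        raise ValueError("partial body length not handled")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03  # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length not handled")
    n = 1 << ltype
    return tag, 1 + n, int.from_bytes(buf[1:1 + n], "big")

def skesk_cipher(buf):
    """Return the symmetric cipher name declared by a leading SKESK packet."""
    if len(buf) < 6:
        raise ValueError("too short for an SKESK packet")
    tag, off, length = read_header(buf)
    body = buf[off:off + length]
    if tag != 3 or len(body) != length or length < 4:
        raise ValueError("no complete SKESK packet at start of data")
    version, algo, s2k = body[0], body[1], body[2]
    if version != 4 or s2k not in S2K_EXTRA:
        raise ValueError("unsupported SKESK version or S2K type")
    if length < 3 + S2K_EXTRA[s2k]:
        raise ValueError("truncated S2K specifier")
    return CIPHERS.get(algo, "unknown(%d)" % algo)

def readable_by(buf, supported):
    """True if an implementation limited to `supported` could decrypt."""
    return skesk_cipher(buf) in supported

# Constructed samples: old-format header, v4 SKESK, iterated+salted S2K
# with SHA-1; the salt is made up. Only the cipher octet (3 vs 2) differs.
SAMPLE_CAST5 = bytes.fromhex("8c0d04030302" + "0102030405060708" + "60")
SAMPLE_3DES = bytes.fromhex("8c0d04020302" + "0102030405060708" + "60")
```

readable_by(SAMPLE_CAST5, {"3DES"}) is False and readable_by(SAMPLE_3DES, {"3DES"}) is True, which is the incompatibility the message describes.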
