kevhilton at gmail.com
Fri Sep 19 04:04:07 CEST 2008
> GnuPG in particular works like this:
> 1) Take the intersection of all recipients' preference lists. This
> rules out any algorithms that would be unusable by someone.
> 2) Elect a "decider". The decider is the one person whose ordered
> list we will honor the rankings for. If the user has specified a
> personal-*-prefs list, then the user is the decider. If the user has
> not specified a list, then the last recipient key is used.
> 3) Walk the decider's preference list from highest ranked to lowest
> ranked - as soon as we hit an algorithm that is part of the
> intersection from step #1, stop.
> For example:
> Alice has AES CAST5 TWOFISH
> Baker has CAST5 AES BLOWFISH
> Charlie has BLOWFISH AES CAST5
> Donald has CAMELLIA TWOFISH BLOWFISH
> Assuming that there is no personal-*-prefs list set, here's how it
> falls out:
> Alice Baker Charlie == AES
> Baker Alice Charlie == AES
> Charlie Alice Baker == CAST5
> Charlie Alice Baker Donald = 3DES
That's a great explanation. Perhaps this should be included in the
Lastly, however, this is assuming the sender is not using the
options. From my reading of the documentation, this will force the
use of a particular cipher as dictated by the sender, even if the
algorithm is not contained in the list of the public keys. I know
these two options are not recommended for use, however since they are
included as possible options, I think that they should at least be
covered by a "what if" scenario.
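
The three quoted steps, run over the four example keys, as an added Python illustration that is not part of the original message and is not GnuPG's own code. The function names and the `personal_prefs` parameter are hypothetical, and the implicit 3DES fallback is an assumption based on OpenPGP treating 3DES as present on every preference list.

```python
# Added illustration of the quoted selection steps; not GnuPG source code.
IMPLICIT = "3DES"  # assumption: implicitly acceptable to every OpenPGP key

# Preference lists copied from the example in the quoted message.
PREFS = {
    "Alice":   ["AES", "CAST5", "TWOFISH"],
    "Baker":   ["CAST5", "AES", "BLOWFISH"],
    "Charlie": ["BLOWFISH", "AES", "CAST5"],
    "Donald":  ["CAMELLIA", "TWOFISH", "BLOWFISH"],
}


def with_implicit(prefs):
    """Append the implicit fallback as the lowest-ranked entry if absent."""
    return list(prefs) if IMPLICIT in prefs else list(prefs) + [IMPLICIT]


def select_cipher(recipients, personal_prefs=None, prefs=PREFS):
    """Return the cipher chosen for recipients given in command-line order."""
    if not recipients:
        raise ValueError("at least one recipient is required")
    lists = [with_implicit(prefs[name]) for name in recipients]

    # Step 1: keep only algorithms that every recipient can use.
    usable = set(lists[0]).intersection(*lists[1:])

    # Step 2: the decider is the sender if a personal list is set,
    # otherwise the last recipient key.
    decider = with_implicit(personal_prefs) if personal_prefs else lists[-1]

    # Step 3: walk the decider's ranking and stop at the first usable entry.
    for algo in decider:
        if algo in usable:
            return algo
    return IMPLICIT  # not reached: the fallback is always in the intersection


if __name__ == "__main__":
    for order in (["Alice", "Baker", "Charlie"],
                  ["Baker", "Alice", "Charlie"],
                  ["Charlie", "Alice", "Baker"],
                  ["Charlie", "Alice", "Baker", "Donald"]):
        print(" ".join(order), "==", select_cipher(order))
```
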