Selecting cipher to generate a key pair

Smith, Cathy cathy.smith at
Sat May 2 01:04:41 CEST 2009

The customer stated that he can accept a public key generated with
either Blowfish or Triple-DES.  I wasn't sure what he needed because all
I've dealt with in generating a key pair before is selecting the DSA or
RSA option.  Our PGP version doesn't offer the DSA and Elgamal option. 

I've sent him a GnuPG-generated key, and asked him to find out if they
are using GnuPG.  I haven't heard from him today.  

Cathy L. Smith

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone:	509.375.2687
Fax:	      509.375.2330
Email:	cathy.smith at

-----Original Message-----
From: Robert J. Hansen [mailto:rjh at] 
Sent: Friday, May 01, 2009 3:58 PM
To: Smith, Cathy
Cc: Allen Schultz; gnupg-users; Hallquist, Roy S Jr
Subject: Re: Selecting cipher to generate a key pair

Smith, Cathy wrote:
> Is there a brief explanation available as to how the cipher is used in

> generating the private/public keys?  It seems this is separate from 
> the cipher that is chosen to encrypt my data.

rjh at chronicles:~$ gpg --enable-dsa2 --gen-key Please select what kind of
key you want:
   (1) DSA and Elgamal (default)
   (2) DSA (sign only)
   (5) RSA (sign only)

If you choose #1, you will be using, by default, DSA as a signature
algorithm, AES256 as a general-purpose message encryption algorithm,
Elgamal as an asymmetric encryption algorithm, and SHA1 as a hash

None of these algorithms are actually used to generate the
private/public keys, though.  The private and public keys are just
numbers.  GnuPG generates those numbers from a cryptographically secure
pseudorandom number generator, then subjects the numbers to a battery of
mathematical tests to make sure the keys are safe to use.

Is it possible for you to tell us what algorithms your correspondent
expects you to use?  Knowing that might help us out quite a bit.

More information about the Gnupg-users mailing list