Selecting cipher to generate a key pair
David Bernier
david250 at videotron.ca
Sat May 2 12:01:51 CEST 2009
Dear Robert J. Hansen,
Robert J. Hansen wrote:
> Smith, Cathy wrote:
>
>> Is there a brief explanation available as to how the cipher is used in
>> generating the private/public keys? It seems this is separate from the
>> cipher that is chosen to encrypt my data.
>>
>
>
> rjh@chronicles:~$ gpg --enable-dsa2 --gen-key
> Please select what kind of key you want:
> (1) DSA and Elgamal (default)
> (2) DSA (sign only)
> (5) RSA (sign only)
>
>
> If you choose #1, you will be using, by default, DSA as a signature
> algorithm, AES256 as a general-purpose message encryption algorithm,
> Elgamal as an asymmetric encryption algorithm, and SHA1 as a hash algorithm.
>
> None of these algorithms are actually used to generate the
> private/public keys, though. The private and public keys are just
> numbers. GnuPG generates those numbers from a cryptographically secure
> pseudorandom number generator, then subjects the numbers to a battery of
> mathematical tests to make sure the keys are safe to use.
>
> Is it possible for you to tell us what algorithms your correspondent
> expects you to use? Knowing that might help us out quite a bit.
>
I'd like to know more about the process by which unsigned packages become
signed packages. This matters, I think, when using SELinux, which is what
I do.
Some packages are unsigned, e.g. Xcas, a computer algebra system by
Bernard Parisse at a university in France:
< http://www-fourier.ujf-grenoble.fr/~parisse/english.html >
I had to tell the SELinux motor that it must trust two modules loaded
dynamically when Xcas is launched. I succeeded after many hours.
It would be easier, I think, if Xcas (the application) had an electronic
signature by someone that Fedora 10 trusts ...
Thanks a lot,
David Bernier