Selecting cipher to generate a key pair

David Bernier david250 at
Sat May 2 12:01:51 CEST 2009

Dear Robert J. Hansen,

Robert J. Hansen wrote:
> Smith, Cathy wrote:
>> Is there a brief explanation available as to how the cipher is used in
>> generating the private/public keys?  It seems this is separate from the
>> cipher that is chosen to encrypt my data.
> rjh at chronicles:~$ gpg --enable-dsa2 --gen-key
> Please select what kind of key you want:
>    (1) DSA and Elgamal (default)
>    (2) DSA (sign only)
>    (5) RSA (sign only)
> If you choose #1, you will be using, by default, DSA as a signature
> algorithm, AES256 as a general-purpose message encryption algorithm,
> Elgamal as an asymmetric encryption algorithm, and SHA1 as a hash algorithm.
> None of these algorithms are actually used to generate the
> private/public keys, though.  The private and public keys are just
> numbers.  GnuPG generates those numbers from a cryptographically secure
> pseudorandom number generator, then subjects the numbers to a battery of
> mathematical tests to make sure the keys are safe to use.
> Is it possible for you to tell us what algorithms your correspondent
> expects you to use?  Knowing that might help us out quite a bit.

I'd like to know more about the process by which unsigned packages become
signed packages. This matters, I think, when using SELinux, which is what
I do.

Some packages are unsigned, e.g. Xcas, a computer algebra system by
Bernard Parisse at a university in France:

< >

I had to tell the SELinux motor that she must trust two modules loaded 
when Xcas is launched. I succeeded after many hours.

It would be easier, I think, if Xcas (the application) had a electronic
signature by someone that Fedora 10 trusts ...

Thanks a lot,

David Bernier

More information about the Gnupg-users mailing list