Selecting cipher to generate a key pair

Smith, Cathy cathy.smith at pnl.gov
Thu May 7 20:27:23 CEST 2009


I wanted to provide closure on this thread.  The customer was able to
accept the public key that I generated using this method.

I learned from the customer yesterday that they are using Bouncy Castle,
bcpg v. 1.33.

Thanks vey much for your help.


Regards,


Cathy
---
Cathy L. Smith
IT Engineer

Pacific Northwest National Laboratory
Operated by Battelle for the
U.S. Department of Energy

Phone:	509.375.2687
Fax:	      509.375.2330
Email:	cathy.smith at pnl.gov


-----Original Message-----
From: Robert J. Hansen [mailto:rjh at sixdemonbag.org] 
Sent: Friday, May 01, 2009 4:39 PM
To: Smith, Cathy
Cc: Allen Schultz; gnupg-users; Hallquist, Roy S Jr
Subject: Re: Selecting cipher to generate a key pair

Smith, Cathy wrote:
> The customer said they have a proprietary implementation that only 
> supports Blowfish or 3DES for the key.  I'm still trying to find out 
> exactly what that means.

Okay, that much makes sense now.

I would suggest adding:

cipher-algo 3DES

... to your .gnupg/gpg.conf file.  This is a sledgehammer solution, and
not one I'd generally recommend; however, the downsides are pretty
minimal.  Then encrypt a message using their public key and send it on
to them.  If they can read it, great.  If they can't, then the problem
is their proprietary implementation of OpenPGP is shoddy.

Incidentally, if your customer is a telecommunications firm, I think I
may know the implementation they're using and some of its more egregious
misfeatures.  Other than that one and PGP Corporation's offering,
though, I have no experience with proprietary OpenPGP offerings.




More information about the Gnupg-users mailing list