Default hash

David Shaw dshaw at jabberwocky.com
Sat Feb 26 15:44:22 CET 2011


On Feb 25, 2011, at 6:05 PM, Aaron Toponce wrote:

> Also, my understanding on how the preferences are chosen by GnuPG is the
> following:
> 
> 1. User wishes to encrypt mail to me, so my cipher preferences in my
> public key are pulled.
> 2. My first preference, Twofish, is used, only if the sender supports
> the Twofish algorithm.
> 3. If not, the next cipher in my preference list, Camellia256, is then
> chosen, so long as the sender also supports Camellia256.
> 4. Proceed inductively, until a matching cipher that can be agreed on
> between the two parties is chosen.
> 5. Message is encrypted using the agreed algorithm.
> 6. The same is used for signatures and compression.
> 
> Is this accurate?

No.  It works like this (not literally in this order, but conceptually):

1. User wishes to encrypt mail to you, so your cipher preferences in your public key are pulled.
2. The cipher preferences for all other recipients to that mail are also pulled (very frequently, the sender is also encrypting to his or herself, so that is another recipient).
3. If not already present, 3DES is added to the end of all lists.
4. All the cipher preferences are grouped together into a set.  The sender then compares the list of ciphers that exist in their version of OpenPGP with the list of ciphers in this set.  Any cipher that is not in both groups is discarded.  This is because we don't know if all recipients can handle it.
5. Now we rank the ciphers that haven't been thrown out yet by using the scores given to them by the users.  The first cipher in the list gets 1 point, the second cipher in the list gets 2, etc.
6. Pick the lowest numbered cipher.

This gives us three things:

A) A guarantee that no cipher will be used that cannot be handled by all recipients.  This is crucial, as if we used a cipher that wasn't available for everyone, we'd cut off communication.
B) A guarantee that all users can communicate.  Since every user can handle 3DES, by definition, it is not possible that the above algorithm will finish without picking a cipher.
C) We will pick the cipher that recipients like the most, overall.

A) & B) are vital, and required by the OpenPGP standard.  C) is optional, but nice to have.

So the bottom line here is to set your preferences to the list of ciphers that you are willing to use, in the order in which you like them.  You will only get messages encrypted to one of these ciphers, and, at least if your correspondents are using GnuPG, will tend to favor the ciphers that you rank higher.

David
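
The selection procedure described in the reply above, as an added Python sketch (not part of the original post and not GnuPG's own code). It reads step 4 as keeping only ciphers that the sender implements and that every recipient lists; the tie-break rule, the function name and the sample preference lists are constructed assumptions.

```python
MANDATORY = "3DES"  # every OpenPGP implementation must support it

def select_cipher(recipient_prefs, sender_supported):
    """Return (chosen cipher, scores) for ordered per-recipient preference lists."""
    if not recipient_prefs:
        raise ValueError("at least one recipient is required")
    lists = []
    for prefs in recipient_prefs.values():
        prefs = list(dict.fromkeys(prefs))      # drop duplicates, keep order
        if MANDATORY not in prefs:              # step 3: 3DES goes last
            prefs.append(MANDATORY)
        lists.append(prefs)
    # Step 4 (as read here): keep what the sender implements AND every
    # recipient lists, so nobody is cut off.
    usable = set(sender_supported) | {MANDATORY}
    for prefs in lists:
        usable &= set(prefs)
    # Step 5: first place scores 1 point, second 2, ...; sum over recipients.
    scores = {c: sum(p.index(c) + 1 for p in lists) for c in usable}
    # Step 6: lowest total wins. Tie-break by the first recipient's order is
    # an assumption; the post does not say how ties are resolved.
    chosen = min(scores, key=lambda c: (scores[c], lists[0].index(c)))
    return chosen, scores

# Constructed sample preference lists (not taken from any real key).
AARON = ["TWOFISH", "CAMELLIA256", "AES256", "AES192", "AES"]
SENDER_SELF = ["AES256", "AES192", "AES", "CAST5"]
LEGACY = ["CAST5"]
SENDER_IMPL = {"TWOFISH", "AES256", "AES192", "AES", "CAST5", "3DES"}

if __name__ == "__main__":
    # Twofish is Aaron's favourite and the sender implements it, but the
    # sender's own key does not list it, so it is discarded: AES256 wins.
    print(select_cipher({"aaron": AARON, "self": SENDER_SELF}, SENDER_IMPL))
    # Only the appended 3DES is common to both lists, so it is the fallback.
    print(select_cipher({"aaron": AARON, "legacy": LEGACY}, SENDER_IMPL))
```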



