--digest-algo ignored on gnupg-1.4.9?

freejack at is-not-my.name freejack at is-not-my.name
Wed Jan 5 22:00:28 CET 2011

> On 01/05/2011 01:37 PM, freejack at is-not-my.name wrote:
> > Hi, it appears --digest-algo is ignored for symmetric encryption using
> > gpg 1.4.9. 
> Using --digest-algo is pretty dangerous.  It's easy to create messages
> your recipients can't parse.  --personal-digest-preferences is what you
> want to use instead.

I was playing around with --digest-algo after seeing something odd when I
looked at a symmetrically encrypted file I was experimenting with. In the
case I encrypt to somebody else then I do use
--personal-digest-preferences. I understand the difference because I read
the postings from Werner, David, and you. :-)

> Anyway, I can't recreate this bug:
> [rjh at localhost]$ gpg --list-packets test.asc
> :symkey enc packet: version 4, cipher 2, s2k 3, hash 2
> 	salt 6cbb4c1e2c0fbae1, count 65536 (96)
> gpg: 3DES encrypted data
> :encrypted data packet:
> 	length: unknown
> gpg: encrypted with 1 passphrase
> :compressed packet: algo=1
> :literal data packet:
> 	mode b (62), created 1294253512, name="test.txt",
> 	raw data: 2385 bytes
> gpg: WARNING: message was not integrity protected
> SHA-1 is used in the symmetric packet, as is expected.  See RFC4880,
> section 5.13: "Symmetrically Encrypted Integrity Protected Data Packet":
> SHA-1 is the only option for digest algorithms for this particular packet.

Then something is very odd. Here's my output, only I used IDEA instead of
3DES for my test:

user:~$ gpg --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
user:~$ gpg -c -ao test.asc --digest-algo sha1 --cipher-algo idea test.txt
Enter passphrase: 12345
Repeat passphrase: 12345
user:~$ gpg --list-packets test.asc
:symkey enc packet: version 4, cipher 1, s2k 3, hash 3
	salt 349d4381bb80d1f7, count 65536 (96)
gpg: IDEA encrypted data
Enter passphrase: 12345
:encrypted data packet:
	length: 33
gpg: encrypted with 1 passphrase
:compressed packet: algo=1
:literal data packet:
	mode b (62), created 1294256753, name="test.txt",
	raw data: 5 bytes
gpg: WARNING: message was not integrity protected
user:~$ pgpdump test.asc 
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
	New version(4)
	Sym alg - IDEA(sym 1)
	Iterated and salted string-to-key(s2k 3):
		Hash alg - RIPEMD160(hash 3)
		Salt - 34 9d 43 81 bb 80 d1 f7 
		Count - 65536(coded count 96)
New: Symmetrically Encrypted Data Packet(tag 9)(33 bytes)
	Encrypted data [sym alg is specified in sym-key encrypted session key]

> --digest-algo will let you determine which algorithm to use, whenever
> there is a choice of which algorithm to use.  There is no choice here.

Sounds reasonable but then why is it using RIPEMD160? I tested with 3DES
instead of IDEA and got the same thing. RIPEMD160 is being used, not
SHA1. Thanks for looking at this.

More information about the Gnupg-users mailing list