--digest-algo ignored on gnupg-1.4.9?

freejack at is-not-my.name freejack at is-not-my.name
Thu Jan 6 23:37:03 CET 2011

Robert J. Hansen said something like this:

> > On 1/5/2011 4:00 PM, freejack at is-not-my.name wrote:
> > Then something is very odd. Here's my output, only I used IDEA instead
> > of 3DES for my test:
> You might want to reconsider using IDEA: although it was the bee's knees
> for the early 1990s, the past twenty years (good /grief/ it's so strange
> to say that!) have not been kind to it.  Don't misunderstand me: I am
> not saying "IDEA is broken, move away from it."  IDEA's margin of safety
> is presently razor-thin, but it still holds up.  It's just that nobody
> likes a razor-thin safety margin.  :)

Ok, thanks for the insight on cipher choice, but let's not get distracted
;-) The issue is gnupg 1.4.9 doesn't seem to honor --digest-algo. I take
your point maybe it shouldn't in some/all cases but it accepts a
specification and verifies it and gives you a message if you specify an
invalid choice. Then it silently ignores what you specified. Best case it's
a usability error, worst case it's a bug.

Has anybody tried this using 1.4.9?

> > gpg: WARNING: message was not integrity protected
> Notice that?  That's present in your packet list, but not in mine.
> You're not using integrity-protected symmetric encryption, so the bit of
> the RFC I quoted at you doesn't apply.  :)

Well according to what you posted, you did get this message. So I'm not sure
what one of us is smoking ;) Please check your post Message-ID:
<4D24BFF6.3030905__43652.2631127902$1294254146$gmane$org at sixdemonbag.org>

> > Sounds reasonable but then why is it using RIPEMD160? I tested with 3DES
> > instead of IDEA and got the same thing. RIPEMD160 is being used, not
> > SHA1. Thanks for looking at this.
> Try sharing your gpg.conf file.  The answer is probably found in there
> somewhere.

I'll do better than that. Here's a test with no .gnupg folder at all,
starting from scratch.

user:~$ gpg -c -ao test.asc --digest-algo sha512 --cipher-algo 3des test.txt 
gpg: directory `/home/user/.gnupg' created
gpg: new configuration file `/home/user/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/user/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/user/.gnupg/pubring.gpg' created
Enter passphrase: 12345
Repeat passphrase: 12345
user:~$ gpg --list-packets test.asc 
gpg: keyring `/home/user/.gnupg/secring.gpg' created
:symkey enc packet: version 4, cipher 2, s2k 3, hash 2
	salt b3a9a45872132be3, count 65536 (96)
gpg: 3DES encrypted data
Enter passphrase: 12345
:encrypted data packet:
	length: 33
gpg: encrypted with 1 passphrase
:compressed packet: algo=1
:literal data packet:
	mode b (62), created 1294337333, name="test.txt",
	raw data: 5 bytes
gpg: WARNING: message was not integrity protected
user:~$ gpg -v --version
gpg (GnuPG) 1.4.9
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~.gnupg
Supported algorithms:
Cipher: 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8), 
        AES256 (S9), TWOFISH (S10)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9), 
      SHA512 (H10), SHA224 (H11)
Compression: Uncompressed (Z0), ZIP (Z1), ZLIB (Z2), BZIP2 (Z3)
user:~$ pgpdump test.asc 
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
	New version(4)
	Sym alg - Triple-DES(sym 2)
	Iterated and salted string-to-key(s2k 3):
		Hash alg - SHA1(hash 2)
		Salt - b3 a9 a4 58 72 13 2b e3 
		Count - 65536(coded count 96)
New: Symmetrically Encrypted Data Packet(tag 9)(33 bytes)
	Encrypted data [sym alg is specified in sym-key encrypted session key]

From this it's pretty clear --digest-algo isn't being honored by 1.4.9. And
it's clear it has nothing to do with IDEA, this example uses 3DES just like
your example and anyway since I didn't load it (no conf) IDEA is completely
out of the picture. I had said earlier it fails the same way when I used
3DES but here it is in black and white just to reinforce that.

What do you say to me now, Mr. Robert J. Hansen? I demand to talk to the
management! Where's Werner and David, still out on holiday vacation? ;-)

Now to answer 2 posts in one:

vedaal wrote:

> There sort-of is, but in an out of the way place, 
> and it's not apparent that the digests and ciphers for symmetric 
> encryption are determined from there.
> It's in the s2k preferences:
> (the default is CAST5 and SHA1)
> vedaal 

Thanks for your example, it may help if somebody had a gpg.conf, but given
my test was run with no .gnupg folder or gpg.conf and used all the defaults,
looks to me like there is some problem.

Thanks guys!
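
The check done by eye above with --list-packets and pgpdump, as an added example (not part of the original post and not GnuPG code): a small Python parser that reads the symkey enc packet (tag 3) and reports the hash recorded in its S2K specifier. The function names are hypothetical, and SAMPLE is constructed from the packet fields shown in the post.

```python
# Added example: report the S2K hash of an OpenPGP symkey enc packet (RFC 4880).
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES",
           8: "AES192", 9: "AES256", 10: "TWOFISH"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384",
          10: "SHA512", 11: "SHA224"}

# Constructed sample: packet bytes rebuilt from the pgpdump fields in the post.
SAMPLE = bytes.fromhex("8c0d04020302b3a9a45872132be360")

def read_header(buf):
    """Return (tag, body_offset, body_length) of the first packet in buf."""
    if len(buf) < 6 or not buf[0] & 0x80:
        raise ValueError("not an OpenPGP packet")
    if buf[0] & 0x40:                      # new-format header
        tag, first = buf[0] & 0x3F, buf[1]
        if first < 192:
            return tag, 2, first
        if first < 224:
            return tag, 3, ((first - 192) << 8) + buf[2] + 192
        if first == 255:
            return tag, 6, int.from_bytes(buf[2:6], "big")
        raise ValueError("partial body lengths are not handled")
    tag, ltype = (buf[0] >> 2) & 0x0F, buf[0] & 0x03   # old-format header
    if ltype == 3:
        raise ValueError("indeterminate length is not handled")
    size = 1 << ltype
    return tag, 1 + size, int.from_bytes(buf[1:1 + size], "big")

def parse_skesk(buf):
    """Decode cipher, S2K type, S2K hash, salt and iteration count."""
    tag, off, length = read_header(buf)
    body = buf[off:off + length]
    need = {0: 4, 1: 12, 3: 13}            # minimum body size per S2K type
    if tag != 3 or len(body) != length or length < 4 or body[0] != 4:
        raise ValueError("not a complete version 4 symkey enc packet")
    s2k = body[2]
    if s2k not in need or length < need[s2k]:
        raise ValueError("unsupported or truncated S2K specifier")
    return {
        "cipher": CIPHERS.get(body[1], body[1]),
        "s2k": s2k,
        "s2k_hash": HASHES.get(body[3], body[3]),
        "salt": body[4:12].hex() if s2k in (1, 3) else None,
        "count": (16 + (body[12] & 15)) << ((body[12] >> 4) + 6) if s2k == 3 else None,
    }

def s2k_hash_matches(buf, requested):
    """True when the packet's S2K hash is the digest the caller asked for."""
    return parse_skesk(buf)["s2k_hash"] == requested.upper()
```

The parser expects binary packet data, so an armored file such as test.asc would first be converted with gpg --dearmor.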
