way to see what cipher/algo was used to create your key?

David Shaw dshaw at jabberwocky.com
Sun Jun 17 17:47:24 CEST 2012


On Jun 17, 2012, at 9:16 AM, Sam Smith wrote:

> I see that --edit-key > pref lists out preferences. I'm assuming the first S is default cipher, first H is default algo, etc? so if a key is generated it will use the first S, first H, etc. But why are all those other S and H options listed? when would they ever be used to create keys?
> 
> Lastly, if you created your key some time ago (on a different machine) and don't know what the default cipher/hash was at the time, is there a way to find out what cipher and hash was used in the creation of your key?

--edit-key -> pref shows you the preferences on that specific key (try using "showpref" instead for a more user friendly display).  It does not show what what ciphers are chosen for generating a new key.  You can change the preferences whenever you like via --edit-key -> setpref

OpenPGP doesn't really have the notion of a default cipher (or other preference).  Rather, it has lists, ranked in order of preference, for ciphers, hashes, and compression algorithms.  These do double duty, in that they tell someone encrypting to your key both what algorithms you can handle (i.e. if your implementation couldn't handle CAST5, it wouldn't be on your list at all), and also which algorithms you prefer to use (i.e. if you like AES more than CAST5, you'd list AES before CAST5 in the list).

Here's how it works - when encrypting to a bunch of keys, GPG needs to send a message that is usable by all recipients (as what's the point of sending a message to someone that they can't read?).  To do this, it has to find a set of algorithms (cipher, compression, etc) that every recipient can handle.  The method is simple: read everyone's preference lists, and find the intersection of the preferences.  This intersection is a list of algorithms that every recipient can handle.  Pick an algorithm from this list, and you are safe that no recipient won't be able to read the message.

To deal with the case where there is no intersection (say, Alice put CAST5 and AES in her list, and Baker put TWOFISH and BLOWFISH in his list), the standard requires that all cipher lists have 3DES in them somewhere, all hash lists have SHA-1 in there somewhere, and all compression lists have "uncompressed" in there somewhere.  If the user doesn't explicitly put it in, it is assumed to be there at the end of the list.  This guarantees that there will aways be at least one algorithm in the intersection (and also requires all OpenPGP programs to implement these algorithms).

Methods vary in how to pick an algorithm from the list - all the standard requires is that it comes from the list at all.  GPG actually ranks each algorithm so that more "votes" for that algorithm can increase the chance of it being chosen, but it is equally correct (though perhaps not particularly friendly) for an implementation to always pick 3DES, for example.

David




More information about the Gnupg-users mailing list