why is CAST5 used instead of AES for seckey encryption?

Robert J. Hansen rjh at sixdemonbag.org
Sun Jun 17 19:02:11 CEST 2012

On 06/17/2012 11:56 AM, Sam Smith wrote:
> Curious as to why the encryption standard AES is not used to encrypt
>  secret keys for GPG?

Because GnuPG predates AES.  When GnuPG 1.0 came out AES has yet to be
invented.  CAST5-128 was the choice back then, and nobody's changed it
yet -- at least partially because it doesn't need to be changed: there
are no known attacks on CAST5-128.

> Do people generally change the cipher to AES when generating their 
> secret key?

This is impossible to answer definitively, because nobody has a
perspective on what the whole of the GnuPG community is doing with our
gpg.conf files.  That said, I think you will find only a minority of
users do this.  I don't, and I've never heard any of my correspondents
say that they do.

More information about the Gnupg-users mailing list