encryption algorithm

David Shaw dshaw at jabberwocky.com
Tue Dec 17 17:57:34 CET 2013


On Dec 17, 2013, at 11:31 AM, Matt D <md123 at nycap.rr.com> wrote:

> On 12/17/2013 11:09 AM, Daniel Kahn Gillmor wrote:
>> Hi Matt--
>> 
>> On 12/17/2013 10:07 AM, Matt D wrote:
>>> Hi!  What encryption algorithm do we use in OpenPGP?
>> 
>> OpenPGP has "algorithm agility", meaning that it's possible to use 
>> different encryption algorithms at different times in the same 
>> cryptographic framework.  Encrypted OpenPGP messages are generally
>> also "hybrid" messages -- that is, the bulk of the message is
>> encrypted with a symmetric encryption algorithm (using a random
>> key), and that random key is encrypted to the recipient's public
>> key using an asymmetric algorithm.
> 
> Please excuse my ignorance but I have a question after looking at the
> list. It is my impression that I can choose an algorithm for my
> machine and whoever else I communicate with can choose another
> algorithm.  Is this correct?   Why would anyone choose AES-128 instead
> of something more secure, say AES-256?

The short answer is that not every OpenPGP program supports all algorithms.  The only algorithm that MUST be present is Triple-DES.  Some algorithms are recommended, and some are totally optional, but 3DES is a hard requirement.  It's possible that they simply don't have AES-256.

It's not quite accurate that you can choose an algorithm for your machine and whoever you communicate with can choose another.  Rather, algorithms in OpenPGP are ranked.  Each user (i.e. each key) has their own list, in order, of algorithms.  Triple-DES, the required algorithm, is always on this list (if you leave it off, GnuPG acts as if it's at the bottom of the list).  This list serves several purposes at the same time - first, it means that an algorithm that a particular user can't use (say their OpenPGP program doesn't support it) is guaranteed never to be used.  If it's not on the list somewhere, it won't be used.  Secondly, it allows users to indicate which algorithms they prefer.  If you prefer AES-256, above AES-128, then you list them in that order.  (In practice, GnuPG usually supports all of the algorithms, so the ordering functionality is more useful than the "don't use an algorithm I don't have" functionality.)

Different programs take this ordering into account in varying ways.  For GnuPG specifically, it tries to make as many people as happy as possible.  For example, if a message is being encrypted to three people, two of whom have AES-256 as their first choice, and one who has something else, the likely result will be that AES-256 is chosen.

So you pick your favorites, and people you communicate with pick their favorites, and the OpenPGP protocol handles the rest.

David
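
The selection described in the reply above, as an added sketch that is not part of the original message and is not GnuPG's code: a cipher is eligible only if it appears on every recipient's list (with 3DES implied at the bottom), and the eligible cipher with the best combined rank wins. The rank-sum scoring, the function names and the sample preference lists are assumptions made for illustration.

```python
# Added illustration; the rank-sum scoring is an assumption, not GnuPG's code.
TRIPLE_DES = "3DES"  # the one cipher every OpenPGP implementation must support


def effective_prefs(prefs):
    """Return a key's ordered list with 3DES implied at the bottom if omitted."""
    seen, ordered = set(), []
    for algo in prefs:
        if algo not in seen:  # ignore duplicate entries, keep first position
            seen.add(algo)
            ordered.append(algo)
    if TRIPLE_DES not in seen:
        ordered.append(TRIPLE_DES)
    return ordered


def choose_cipher(recipient_prefs, supported):
    """Pick one cipher for a message encrypted to several keys.

    recipient_prefs: dict of recipient name -> ordered preference list.
    supported: set of ciphers the sending program implements.
    """
    lists = [effective_prefs(p) for p in recipient_prefs.values()]
    # An algorithm missing from any recipient's list must never be used.
    candidates = set(supported) | {TRIPLE_DES}
    for prefs in lists:
        candidates &= set(prefs)

    # Lower total rank = more recipients get something near their first choice.
    def score(algo):
        return sum(prefs.index(algo) for prefs in lists)

    # Sort first so ties are broken deterministically by name.
    return min(sorted(candidates), key=score)


# Constructed sample preference lists (not taken from real keys).
SAMPLE = {
    "alice": ["AES256", "AES192", "AES", "3DES"],
    "bob": ["AES256", "AES", "CAST5"],  # 3DES omitted, implied last
    "carol": ["TWOFISH", "AES", "AES256", "3DES"],
}
SENDER_SUPPORTS = {"AES256", "AES192", "AES", "CAST5", "TWOFISH", "3DES"}

if __name__ == "__main__":
    print(choose_cipher(SAMPLE, SENDER_SUPPORTS))
```

With the sample lists, two of the three recipients rank AES256 first and it is on all three lists, so it is selected; a recipient whose list shares nothing else with the others forces the fallback to 3DES.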
