Documentation on symmetric key options for GPGME

Robert J. Hansen rjh at sixdemonbag.org
Thu Feb 21 00:48:17 CET 2013


On 02/20/2013 06:41 PM, Jim Treinen wrote:
> I am new to GPG, specifically GPGME.  I am trying to familiarize
> myself with programming against the GPGME C library.  I was wondering
> if it is possible to explicitly specify the use of AES 256 and choose
> a block mode when using the OpenPGP protocol?

It is possible to force the use of AES-256 whenever possible: add
"--cipher-algo aes256" to the GnuPG command line.  However, this is
thoroughly not advised.  It's possible to create traffic your recipient
will not be able to decrypt, for instance (not every OpenPGP
implementation supports AES).  There are also other edge cases in which
using cipher-algo can get you in trouble.

OpenPGP specifies its own block mode, which is basically CFB64 with some
special sauce added -- it's a hack which dates back many years.  Every
now and again there's some talk about replacing it with something more
modern, like Galois counter mode or somesuch, but so far nothing's come
of it.  So the answer to this one is no, you really can't specify a
block mode.



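One way to confirm which cipher a passphrase-encrypted message actually declares, for instance after setting the cipher-algo option discussed above. This is an added example, not part of the original post and not GnuPG or GPGME code: it reads the leading Symmetric-Key Encrypted Session Key packet as laid out in RFC 4880, and the function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Symmetric algorithm IDs as assigned in RFC 4880, section 9.2. */
const char *sym_algo_name(int id) {
    switch (id) {
    case 1: return "IDEA";     case 2: return "3DES";
    case 3: return "CAST5";    case 4: return "Blowfish";
    case 7: return "AES128";   case 8: return "AES192";
    case 9: return "AES256";   case 10: return "Twofish";
    default: return "unknown";
    }
}

/* Return the cipher ID declared by a leading version-4 SKESK packet (tag 3),
 * or -1 if the buffer does not start with one or is truncated or malformed.
 * Narrowed to one-octet packet lengths, which covers these short packets. */
int skesk_cipher(const uint8_t *buf, size_t len) {
    if (len < 2 || !(buf[0] & 0x80)) return -1;      /* bit 7 must be set */
    int tag;
    if (buf[0] & 0x40) {                             /* new-format header */
        tag = buf[0] & 0x3f;
        if (buf[1] >= 192) return -1;                /* longer length forms */
    } else {                                         /* old-format header */
        tag = (buf[0] >> 2) & 0x0f;
        if (buf[0] & 0x03) return -1;                /* length type != 0 */
    }
    size_t body = buf[1];
    if (tag != 3 || body > len - 2 || body < 4) return -1;
    const uint8_t *p = buf + 2;                      /* version, cipher, S2K */
    if (p[0] != 4) return -1;
    size_t s2k;                                      /* S2K specifier size */
    switch (p[2]) {
    case 0: s2k = 2; break;                          /* simple */
    case 1: s2k = 10; break;                         /* salted */
    case 3: s2k = 11; break;                         /* iterated and salted */
    default: return -1;
    }
    return (body >= 2 + s2k) ? p[1] : -1;
}

/* Constructed sample: old-format tag 3, AES256, iterated+salted S2K, SHA-1. */
static const uint8_t sample_aes256[] = { 0x8c, 0x0d, 0x04, 0x09, 0x03, 0x02,
    0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x60 };

int main(void) {
    int id = skesk_cipher(sample_aes256, sizeof sample_aes256);
    printf("declared cipher: %d (%s)\n", id, sym_algo_name(id));
    return 0;
}
```

On real messages, `gpg --list-packets` reports the same cipher field. Messages encrypted to a public key do not expose it this way, because the cipher ID travels inside the encrypted session key.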