Documentation on symmetric key options for GPGME
Jim Treinen
jtreinen at gmail.com
Thu Feb 21 17:19:16 CET 2013
Thank you for the information, that certainly makes sense. Regarding AES,
I understand your point about being compatible with all clients, but for my
own education, is it possible to force the use of AES (or any other cipher)
using the GPGME library ? I don't see any parameters on the *
gpgme_set_protocol* or *gpgme_op_encrypt* functions that would seem to
allow for this.
Thanks again,
Jim.
On Wed, Feb 20, 2013 at 4:48 PM, Robert J. Hansen <rjh at sixdemonbag.org>wrote:
> On 02/20/2013 06:41 PM, Jim Treinen wrote:
> > I am new to GPG, specifically GPGME. I am trying to familiarize
> > myself with programming against the GPGME C library. I was wondering
> > if it is possible to explicitly specify the use of AES 256 and choose
> > a block mode when using the OpenPGP protocol ?
>
> It is possible to force the use of AES-256 whenever possible: add
> "--cipher-algo aes256" to the GnuPG command line. However, this is
> thoroughly not advised. It's possible to create traffic your recipient
> will not be able to decrypt, for instance (not every OpenPGP
> implementation supports AES). There are also other edge cases in which
> using cipher-algo can get you in trouble.
>
> OpenPGP specifies its own block mode, which is basically CFB64 with some
> special sauce added -- it's a hack which dates back many years. Every
> now and again there's some talk about replacing it with something more
> modern, like Galois counter mode or somesuch, but so far nothing's come
> of it. So the answer to this one is no, you really can't specify a
> block mode.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20130221/b9bf7bf5/attachment-0001.htm>
More information about the Gnupg-users
mailing list