s2k-cipher-mode default

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jun 3 00:44:00 CEST 2015


On Tue 2015-06-02 17:51:50 -0400, vedaal at nym.hush.com wrote:
> The s2k default is also the default for symmetrically encrypted messages
> (which is fine, as long as people know about it).

I mentioned the possible interoperability concern in my first post on
this thread.

> If a person wants to symmetrically encrypt a message or file with AES 256,
> or any other symmetric algorithm,
> then the user will need to specify the option either in gnupg.conf or on the command line.

This is not true.  Symmetric algorithm selection during decryption is
done based on the metadata parameters stored in the SKESK packet, which
indicate which cipher to use.  As long as the peer can do AES256 (and
all reasonably modern OpenPGP implementations can), no additional
configuration is needed:

0 dkg at alice:~$ echo test | gpg2 --symmetric | pgpdump
Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(13 bytes)
	New version(4)
	Sym alg - AES with 256-bit key(sym 9)
	Iterated and salted string-to-key(s2k 3):
		Hash alg - SHA1(hash 2)
		Salt - a1 bf fd 74 8e a4 07 7a 
		Count - 23068672(coded count 230)
New: Symmetrically Encrypted and MDC Packet(tag 18)(58 bytes)
	Ver 1
	Encrypted data [sym alg is specified in sym-key encrypted session key]
		(plain text + MDC SHA1(20 bytes))
0 dkg at alice:~$ 


Regards,

        --dkg
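
The point made in the message above, that a decryptor takes the cipher and S2K parameters from the SKESK packet itself, shown as an added example that is not part of the original post. It parses the packet bytes reconstructed from the pgpdump output in the message; the function names and the abbreviated algorithm tables are this example's own.

```python
# Added example: minimal parser for an OpenPGP v4 SKESK packet (RFC 4880, 5.3).
SYM_ALGS = {7: "AES128", 8: "AES192", 9: "AES256"}   # subset of RFC 4880 9.2
HASH_ALGS = {2: "SHA1", 8: "SHA256", 10: "SHA512"}   # subset of RFC 4880 9.4

# Reconstructed from the pgpdump output in the message: old-format header
# (tag 3, one-octet length 13) followed by the 13-byte packet body.
SAMPLE = bytes.fromhex("8c0d" "04090302" "a1bffd748ea4077a" "e6")


def decode_s2k_count(c):
    """Expand the one-octet coded iteration count (RFC 4880, 3.7.1.3)."""
    return (16 + (c & 15)) << ((c >> 4) + 6)


def parse_skesk(pkt):
    """Return the parameters a decryptor reads from an SKESK packet."""
    hdr = pkt[0]
    if not hdr & 0x80 or hdr & 0x40:
        raise ValueError("expected an old-format packet header")
    tag, len_type = (hdr >> 2) & 0x0F, hdr & 0x03
    if tag != 3:
        raise ValueError("not an SKESK packet (tag %d)" % tag)
    if len_type > 2:
        raise ValueError("indeterminate length not supported")
    n = 1 << len_type                       # 1, 2 or 4 length octets
    length = int.from_bytes(pkt[1:1 + n], "big")
    body = pkt[1 + n:1 + n + length]
    if len(body) != length or length < 4:
        raise ValueError("truncated packet")
    version, sym, s2k_type, hash_alg = body[:4]
    if version != 4:
        raise ValueError("unsupported SKESK version %d" % version)
    out = {"cipher": SYM_ALGS.get(sym, "sym %d" % sym), "s2k": s2k_type,
           "hash": HASH_ALGS.get(hash_alg, "hash %d" % hash_alg)}
    rest = body[4:]
    if s2k_type in (1, 3):                  # salted / iterated and salted
        if len(rest) < 8 + (s2k_type == 3):
            raise ValueError("truncated S2K specifier")
        out["salt"] = rest[:8].hex()
        if s2k_type == 3:
            out["count"] = decode_s2k_count(rest[8])
    elif s2k_type != 0:
        raise ValueError("unknown S2K type %d" % s2k_type)
    return out


if __name__ == "__main__":
    print(parse_skesk(SAMPLE))
```

The coded count octet 230 expands to 23068672, matching the "Count" line in the dump.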


