AES-NI, symmetric key generation

Maricel Gregoraschko maricelgregoraschko at yahoo.com
Mon Mar 9 18:15:14 CET 2015


Hello All,

I would first like to thank you for your effort and time developing GnuPG. I have a couple of questions:

1. Does GnuPG (in particular, the Windows binaries distributed for gpg4win) use AES-NI, the Intel dedicated AES instruction set? There are some concerns, I'm not sure how realistic, about backdoors built into the CPUs themselves. I noticed there is an option to "configure", --disable-aesni-support. Where can I get the full configure command as it was used to build the posted gpg4win binaries, to check if that switch was present or not? Also, is there any option to turn hardware acceleration on or off at runtime?

2. When using symmetric encryption and providing a passphrase, I understand the actual encryption key is generated on the spot, used to do the encryption, and then discarded from memory and not stored anywhere, is that correct? If the user wanted, can they dump the encryption key to store it securely, and use it to decrypt, instead of the password? Is there a guarantee that the key derivation (passphrase to key) algorithm does not change between versions of GnuPG, so that a file encrypted with a passphrase and a previous GnuPG version can be decrypted with the same passphrase and a newer GnuPG version (i.e., the same key is generated from the passphrase)?

Thank you very much for your support.