AES-NI, symmetric key generation

Peter Lebbing peter at
Wed Mar 11 20:06:54 CET 2015

On 11/03/15 18:55, Maricel Gregoraschko wrote:
> One more question: Is there any standardization in output formats 
> between encryption programs and libraries, for example say you
> encrypt with AES128 in CBC, with the same key (directly or via
> passphrase), and since the output will have to have, in addition to
> the actual ciphertext, algorithm indentification on it, possible
> pasphrase-to-key, plus mode-specific data such as the iv/nonce, is
> there a specification of the format of how these come in?

The passphrase-based encryption of GnuPG is entirely specified in RFC
4880, and there is no reason to worry that future versions of GnuPG
cannot read a symmetrically encrypted file created now.

Also, it is *not* the case that the key used to encrypt the data is the
key derived from your password!

The key to encrypt the data, the session key, is randomly generated. The
passphrase is used to derive a key, and this derived key is used to
encrypt the session key, and only the session key!

However, I do notice that RFC 4880 allows the use of a password-derived
key to encrypt the data[1]. I don't think GnuPG will generate such
OpenPGP messages, but it might accept and decrypt them.



[1] RFC 4880 section 5.3:

> If the encrypted session key is not present (which can be detected on
> the basis of packet length and S2K specifier size), then the S2K 
> algorithm applied to the passphrase produces the session key for 
> decrypting the file, using the symmetric cipher algorithm from the 
> Symmetric-Key Encrypted Session Key packet.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list