AES-NI, symmetric key generation

Maricel Gregoraschko maricelgregoraschko at
Wed Mar 11 20:50:16 CET 2015

Peter,My understanding was that if you don't pass --symmetric, then a session key is generated, with which the clear text is (symmetrically) encrypted and then the session key is encrypted (asymmetrically) with the public key. Conversely, if you do pass --symmetric, then there is no random-generated "session" key, and gpg simply generates a symmetric key from the passphrase, that it encrypts the clear text with. Are you saying that that is not the case, and there there is a session key, used to encrypt the clear text, and the session key gets encrypted, again, symmetrically with the passphrase-generated key?
However my question regarding the standardization format was not necessarily related to the OpenPGP protocol, but rather, at the most basic level of symmetric encryption in general: you have a key, a cleartext, a symmetric block cipher algorithm and a mode of operation . Is the format of the output standardized within this context, of a symmetric block cipher encryption, rather than as part of OpenPGP? Would another software or encryption library be able to decrypt a text symmetrically encrypted with gpg, not taking into account additional layers of asymmetric encryption?Thank you for your help.
      From: Peter Lebbing <peter at>
 To: Maricel Gregoraschko <maricelgregoraschko at>; Gnupg-users <Gnupg-users at> 
 Sent: Wednesday, March 11, 2015 3:06 PM
 Subject: Re: AES-NI, symmetric key generation
On 11/03/15 18:55, Maricel Gregoraschko wrote:

> One more question: Is there any standardization in output formats 
> between encryption programs and libraries, for example say you
> encrypt with AES128 in CBC, with the same key (directly or via
> passphrase), and since the output will have to have, in addition to
> the actual ciphertext, algorithm indentification on it, possible
> pasphrase-to-key, plus mode-specific data such as the iv/nonce, is
> there a specification of the format of how these come in?

The passphrase-based encryption of GnuPG is entirely specified in RFC
4880, and there is no reason to worry that future versions of GnuPG
cannot read a symmetrically encrypted file created now.

Also, it is *not* the case that the key used to encrypt the data is the
key derived from your password!

The key to encrypt the data, the session key, is randomly generated. The
passphrase is used to derive a key, and this derived key is used to
encrypt the session key, and only the session key!

However, I do notice that RFC 4880 allows the use of a password-derived
key to encrypt the data[1]. I don't think GnuPG will generate such
OpenPGP messages, but it might accept and decrypt them.



[1] RFC 4880 section 5.3:

> If the encrypted session key is not present (which can be detected on
> the basis of packet length and S2K specifier size), then the S2K 
> algorithm applied to the passphrase produces the session key for 
> decrypting the file, using the symmetric cipher algorithm from the 
> Symmetric-Key Encrypted Session Key packet.

I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150311/91f239cd/attachment.html>

More information about the Gnupg-users mailing list