cipher used when both --encrypt and --symmetric is specified

vedaal at vedaal at
Fri Feb 26 15:52:09 CET 2016

On 2/26/2016 at 5:48 AM, "Martin Ilchev" <martini5468 at> wrote:

>I did set my key preferences a few months ago and made sure the 
>key had
>them as well. Here is the output of showperf:
>     Cipher: AES256, AES192, AES, CAST5, 3DES

>> > 2. Symmetrically encrypt and also encrypt for my own public 
>> > gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF 

>> > decrypting the file shows that the cipher used is CAST5


0x1234567890ABCDEF is obviously not your real key id.

I suspect the key was generated some time ago, when the default cipher to protect one's secret key, was CAST5

GnuPG's default choice for the encryption algorithm for a symmetric cipher will be what the s2k-cipher-algo is.

In your case for that key, it is CAST 5

Try This:

gpg2  --s2k-cipher-algo AES256 --symmetric --encrypt --sign -r 0x1234567890ABCDEF  filename

The encryptions should now be with AES256 for both the symmetric part and the part encrypted to your key.


More information about the Gnupg-users mailing list