cipher used when both --encrypt and --symmetric is specified
Martin Ilchev
martini5468 at gmail.com
Mon Feb 29 11:51:39 CET 2016
Hi Vedaal,
You are correct that is not my real key ID.
Funny enough the key was generated in Nov-2015. However you are absolutely
correct about the --s2k-cipher-algo option. I added that to my gpg.conf and
after that symmetric + public works exactly as I expected. I get AES256
every time.
There is one thing I would like to understand - the man page says:
--s2k-cipher-algo name
Use name as the cipher algorithm used to protect secret
keys. The default cipher is CAST5. This cipher is also used for
conventional encryption if --personal-cipher-pref‐
erences and --cipher-algo is not given.
So CAST5 is the preferred cipher for secret keys and is also the default
for symmetric. On the other hand using --personal-cipher-preferences does
not seem to apply to symmetric + public encryption. Is this by design?
Regards,
Martin
On Fri, 26 Feb 2016 at 14:52 <vedaal at nym.hush.com> wrote:
>
> On 2/26/2016 at 5:48 AM, "Martin Ilchev" <martini5468 at gmail.com> wrote:
>
> >I did set my key preferences a few months ago and made sure the
> >key had
> >them as well. Here is the output of showperf:
> >
> > Cipher: AES256, AES192, AES, CAST5, 3DES
> .....
>
> >> > 2. Symmetrically encrypt and also encrypt for my own public
> >key:
> >> > gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF
>
> >> > decrypting the file shows that the cipher used is CAST5
>
> =====
>
> 0x1234567890ABCDEF is obviously not your real key id.
>
> I suspect the key was generated some time ago, when the default cipher to
> protect one's secret key, was CAST5
>
> GnuPG's default choice for the encryption algorithm for a symmetric cipher
> will be what the s2k-cipher-algo is.
>
> In your case for that key, it is CAST 5
>
>
> Try This:
>
> gpg2 --s2k-cipher-algo AES256 --symmetric --encrypt --sign -r
> 0x1234567890ABCDEF filename
>
> The encryptions should now be with AES256 for both the symmetric part and
> the part encrypted to your key.
>
>
> vedaal
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160229/52b68a91/attachment.html>
More information about the Gnupg-users
mailing list