cipher used when both --encrypt and --symmetric is specified

Martin Ilchev martini5468 at
Mon Feb 29 11:51:39 CET 2016

Hi Vedaal,

You are correct that is not my real key ID.

Funny enough the key was generated in Nov-2015. However you are absolutely
correct about the --s2k-cipher-algo option. I added that to my gpg.conf and
after that symmetric + public works exactly as I expected. I get AES256
every time.

There is one thing I would like to understand - the man page says:
       --s2k-cipher-algo name
              Use  name as the cipher algorithm used to protect secret
keys.  The default cipher is CAST5. This cipher is also used for
conventional encryption if --personal-cipher-pref‐
              erences and --cipher-algo is not given.

So CAST5 is the preferred cipher for secret keys and is also the default
for symmetric. On the other hand using --personal-cipher-preferences does
not seem to apply to symmetric + public encryption. Is this by design?


On Fri, 26 Feb 2016 at 14:52 <vedaal at> wrote:

> On 2/26/2016 at 5:48 AM, "Martin Ilchev" <martini5468 at> wrote:
> >I did set my key preferences a few months ago and made sure the
> >key had
> >them as well. Here is the output of showperf:
> >
> >     Cipher: AES256, AES192, AES, CAST5, 3DES
> .....
> >> > 2. Symmetrically encrypt and also encrypt for my own public
> >key:
> >> > gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF
> >> > decrypting the file shows that the cipher used is CAST5
> =====
> 0x1234567890ABCDEF is obviously not your real key id.
> I suspect the key was generated some time ago, when the default cipher to
> protect one's secret key, was CAST5
> GnuPG's default choice for the encryption algorithm for a symmetric cipher
> will be what the s2k-cipher-algo is.
> In your case for that key, it is CAST 5
> Try This:
> gpg2  --s2k-cipher-algo AES256 --symmetric --encrypt --sign -r
> 0x1234567890ABCDEF  filename
> The encryptions should now be with AES256 for both the symmetric part and
> the part encrypted to your key.
> vedaal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20160229/52b68a91/attachment.html>

More information about the Gnupg-users mailing list