cipher used when both --encrypt and --symmetric is specified

vedaal at vedaal at
Mon Feb 29 20:26:30 CET 2016

On 2/29/2016 at 5:51 AM, "Martin Ilchev" <martini5468 at> wrote:

>There is one thing I would like to understand - the man page says:
>       --s2k-cipher-algo name
>              Use  name as the cipher algorithm used to protect 
>keys.  The default cipher is CAST5. This cipher is also used for
>conventional encryption if --personal-cipher-pref‐
>              erences and --cipher-algo is not given.
>So CAST5 is the preferred cipher for secret keys and is also the 
>for symmetric. On the other hand using --personal-cipher-
>preferences does
>not seem to apply to symmetric + public encryption. Is this by 


Sort-of, yes ...

The user's most important part of GnuPG, is the user's private key.

So it seems reasonable, that the symmetric algorithm the user picked to protect the private key,  (--s2k-algo ciphername),
is the symmetric algorithm that the user would prefer for symmetric encryption, as long as the receiver can decrypt it.

In practice, (standard, not hacked, non-customized ) GnupG, can decrypt ANY of the symmetric algorithms any GnuPG user can use.

Since the original user, the sender, is encrypting the message, 
it is again reasonable that the sender be able to choose the algorithm with which the sender feels most comfortable.


More information about the Gnupg-users mailing list