NIST 800-57 compatible unattended encryption?

Ángel angel at pgp.16bits.net
Mon Jan 21 23:33:43 CET 2019


You are missing another point, which is that, in addition to the
gpg.conf client preferences, the keys you are encrypting to have
preferences, too.

In fact, it is noted in the SE answer you linked:
> Per default, GnuPG will read the recipient's algorithm preferences and
> take the first algorithm in that list it supports (in other words, it
> takes the most-preferred supported algorithm the recipient asks for).
> 
https://security.stackexchange.com/questions/86305/what-is-the-default-cipher-algorithm-for-gnupg/86311#86311


The default of CAST5/AES-128 is for the case where you know nothing (in
fact, the recipient might not even be able to decrypt it if you used an
algorithm it doesn't support, so it can go to e.g. 3DES. All keys you are
using today should have been generated by non-ancient software and, as
such, have this preference set, though).

Kind regards
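
An added example, not part of the original message and not GnuPG's own code: a small audit that models the single-recipient rule quoted above (first recipient-preferred cipher the sender supports, with 3DES tacitly last per RFC 4880 section 13.2) and flags keys whose preferences would lead to a cipher outside a local policy. The preference strings are constructed in the style of gpg's `pref` output, and the AES-only allowlist and the sender's supported set are assumptions; personal-cipher-preferences and multiple recipients are not modelled.

```python
import re

# RFC 4880 section 9.2 symmetric algorithm IDs (the S<n> tokens in a pref string).
CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES128",
           8: "AES192", 9: "AES256", 10: "TWOFISH",
           11: "CAMELLIA128", 12: "CAMELLIA192", 13: "CAMELLIA256"}
TRIPLE_DES = 2

# Assumption: the local policy accepts AES only. Replace with your own allowlist.
ALLOWED = frozenset({7, 8, 9})

def cipher_prefs(pref_line):
    """Ordered cipher IDs from a string such as 'S9 S8 S7 S2 H8 Z2'."""
    ids = [int(n) for n in re.findall(r"\bS(\d+)\b", pref_line)]
    if TRIPLE_DES not in ids:
        ids.append(TRIPLE_DES)  # 3DES is implicitly at the end of every list
    return ids

def selected_cipher(pref_line, sender_supports):
    """First cipher in the recipient's list that the sender supports."""
    for algo in cipher_prefs(pref_line):
        if algo in sender_supports:
            return algo
    raise ValueError("sender supports none of the recipient's ciphers")

def audit(keys, sender_supports=frozenset(CIPHERS), allowed=ALLOWED):
    """Map each key label to (cipher name, whether the policy allows it)."""
    report = {}
    for label, pref_line in keys.items():
        algo = selected_cipher(pref_line, sender_supports)
        report[label] = (CIPHERS.get(algo, f"S{algo}"), algo in allowed)
    return report

# Constructed sample data: labels and preference strings are made up.
SAMPLE_KEYS = {
    "modern":  "S9 S8 S7 S2 H8 H2 H9 H10 H11 Z2 Z3 Z1",
    "legacy":  "S3 S2 S1 H2 H3 Z1",
    "noprefs": "",  # key carrying no cipher preferences at all
}

if __name__ == "__main__":
    for label, (name, ok) in audit(SAMPLE_KEYS).items():
        print(f"{label:8} -> {name:7} {'ok' if ok else 'OUTSIDE POLICY'}")
```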