Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Jul 25 22:10:46 CEST 2019

On Thu 2019-07-25 14:00:08 -0400, Kynn Jones via Gnupg-users wrote:
> The GnuPG documentation refers to an "INTEROPERABILITY WITH
> OTHER OPENPGP PROGRAMS section", but when I search for this
> title, I find only references to it, not the actual section.
> Does any one know where that section is?

It appears to be in the info page, which (on my system) i can access
with "info gpg" and then searching for "interoperability".  In the
manual page (gpg(1), accessed via "man 1 gpg") the section is titled
just "INTEROPERABILITY" (why this difference between info and man?  I
don't know or understand!)

I reproduce the current version out of info (from 2.2.17) below.




GnuPG tries to be a very flexible implementation of the OpenPGP
standard.  In particular, GnuPG implements many of the optional parts of
the standard, such as the SHA-512 hash, and the ZLIB and BZIP2
compression algorithms.  It is important to be aware that not all
OpenPGP programs implement these optional algorithms and that by forcing
their use via the '--cipher-algo', '--digest-algo',
'--cert-digest-algo', or '--compress-algo' options in GnuPG, it is
possible to create a perfectly valid OpenPGP message, but one that
cannot be read by the intended recipient.

   There are dozens of variations of OpenPGP programs available, and
each supports a slightly different subset of these optional algorithms.
For example, until recently, no (unhacked) version of PGP supported the
BLOWFISH cipher algorithm.  A message using BLOWFISH simply could not be
read by a PGP user.  By default, GnuPG uses the standard OpenPGP
preferences system that will always do the right thing and create
messages that are usable by all recipients, regardless of which OpenPGP
program they use.  Only override this safe default if you really know
what you are doing.

   If you absolutely must override the safe default, or if the
preferences on a given key are invalid for some reason, you are far
better off using the '--pgp6', '--pgp7', or '--pgp8' options.  These
options are safe as they do not force any particular algorithms in
violation of OpenPGP, but rather reduce the available algorithms to a
"PGP-safe" list.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20190725/168944d5/attachment.sig>

More information about the Gnupg-users mailing list