Question about symmetric AES cipher in GnuPG

Werner Koch wk at
Fri Nov 1 11:19:30 CET 2019

On Wed, 30 Oct 2019 17:19, Brian Minton said:

> My guess is, the gpg one also is doing MDC, so you'd have to add the
> equivalent HMAC code to openssl, but that's just a complete guess.  

The OpenPGP MDC is a SHA-1 hash appended to the plaintext and then
encrypted along with the data.  The usual OpenPGP packet structure is
used; details are in RFC-4880. Further OpenPGP's symmetric encryption
uses a random session key and encrypts that session key using the
passphrase as key.  This allows to have several independent passphrases
or public keys for the same data.

You can't easily implement that with OpenSSL in a script.



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <>

More information about the Gnupg-users mailing list