Should one really disable AEAD for recent GnuPG created PGP keys?

Tobias Leupold tl at
Mon Mar 4 12:03:41 CET 2024

Hi all :-)

Apparently, there are some problems with the new defaults that are set when 
one creates a PGP key using a recent version of GnuPG (2.4).

I ran into this after generating a new ECC/ED25519 key to replace my "old" RSA 
one. The problem showed up when I re-encrypted my pass password store 
passwords with the new key: After transferring the key to my Android phone and 
importing it into OpenKeychain, I could not decrypt any passwords anymore.

After some research, I found ,

describing this exact issue. As a possible fix, disabling the unsupported AEAD 
mechanism in the key itself was mentioned, the Arch folks write:

They also claim that "many downstreams attempt to remove this new default by 
patching the GnuPG sources".

I'm not that deep into cryptography. I'm not sure I completely grasp what AEAD 
and OCB mean.

So: Is it wise and/or necessary to disable that for new GnuPG generated keys, 
for the sake of interoperability? Or will the others catch up and implement 
it? Or is there a good reason not to do so? Should one keep using legacy RSA 
keys? Is it too early to switch to more modern ones?

Thanks to all cryptography experts for all clarification!

Cheers, Tobias

More information about the Gnupg-users mailing list