Should one really disable AEAD for recent GnuPG created PGP keys?
Tobias Leupold
tl at stonemx.de
Mon Mar 4 12:03:41 CET 2024
Hi all :-)
Apparently, there are some problems with the new defaults that are set when
one creates a PGP key using a recent version of GnuPG (2.4).
I ran into this after generating a new ECC/ED25519 key to replace my "old" RSA
one. The problem showed up when I re-encrypted my pass password store
passwords with the new key: After transferring the key to my Android phone and
importing it into OpenKeychain, I could not decrypt any passwords anymore.
After some research, I found
https://github.com/open-keychain/open-keychain/issues/2886 ,
describing this exact issue. As a possible fix, disabling the unsupported AEAD
mechanism in the key itself was mentioned, the Arch folks write:
https://wiki.archlinux.org/title/GnuPG#Disable_unsupported_AEAD_mechanism
They also claim that "many downstreams attempt to remove this new default by
patching the GnuPG sources".
I'm not that deep into cryptography. I'm not sure I completely grasp what AEAD
and OCB mean.
So: Is it wise and/or necessary to disable that for new GnuPG generated keys,
for the sake of interoperability? Or will the others catch up and implement
it? Or is there a good reason not to do so? Should one keep using legacy RSA
keys? Is it too early to switch to more modern ones?
Thanks to all cryptography experts for all clarification!
Cheers, Tobias
More information about the Gnupg-users
mailing list