Should one really disable AEAD for recent GnuPG created PGP keys?

Tobias Leupold tl at
Mon Mar 4 19:05:03 CET 2024

Hi Werner,

thanks for the clarification!

> All the major implementers (Ribose RNP, GnuPG, BouncyCastle, OpenPGP.js)
> took great care to first deploy the software with support for the new
> mode before actually creating keys with a preference for that mode [1].
> Unfortunately a small group of people seem to sabotage this strategy by
> rejecting the new mode despite that it has been implemented by their
> crypto library.  Well, or your version on Android is too old - which
> would indicate a severe security problem anyway.

This is not about (my) Android (version), I think this is more about 
OpenKeychain (still) not having implemented this. For whatever reason.

However, I filed an issue for that:

IMO interoperability with GnuPG is crucial for this project. Most people using 
that on their phones will come from Linux, or they will at least be GnuPG 

Let's hope for the best ...

> RSA has nothing to do with this.  You can safely switch to curve25519
> (ed25519/cv25519) for new keys - they are supported even longer than OCB
> mode (aka AEAD).

Good to know!

More information about the Gnupg-users mailing list