Should one really disable AEAD for recent GnuPG created PGP keys?

Tobias Leupold tl at
Tue Mar 5 08:42:11 CET 2024

Hi Vincent!

Thanks a lot for this insight!

When it comes to encryption, I would consider myself a "power user", but 
still a user. I never heard of all this until now. What I, from the 
perspective of an end-user, saw was: I generate a new key. And then: 
"Pass no work on me phone anymore, OpenKeychain bad!" ;-)

This whole thing is awkward. As a normal user, you currently have no 
chance to even know this.

So, is what they propose in the Arch wiki the way to go to stick to 
non-embattled interoperable settings? (setpref AES256 AES192 AES SHA512 

I see the rationale for a performant block cipher. But that's nothing I 
need for my use-case; there's simply no advantage at all. Most probably 
for most users. So if there's no broad consensus about this, such an 
option should be hidden behind some "expert" flag, for people knowing 
what they do, and who are willing to trade off interoperability for 
performance. It should not be a default setting letting users like me 
run into problems they can't grasp without deep research.

I don't want to join a "faction". I don't want to participate in a 
religious war. I just want to use encryption ...

I'll file a Gentoo bug about this and see what the devs/maintainers say.

Cheers, Tobias

More information about the Gnupg-users mailing list