Your message dated Fri, 8 May 2009 14:22:59 +0200 (CEST)
with message-id <[email protected]>
and subject line Bug#494194: gnupg: Choice of algorithms for --symmetric is
obscure
has caused the Debian Bug report #494194,
regarding gnupg: Choice of algorithms for --symmetric is obscure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
494194: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494194
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg
Version: 1.4.9-2
Severity: normal
Hi!
The choice of algorithms used for conventional encryption of messages
(--symmetric) is quite obscure. The user must provide a passphrase which
is hashed, the result of which is used as an encryption key. Now, the
hash is selected by "s2k-digest-algo", not "digest-algo", while the
symmetric cipher is selected by "cipher-algo" (or the first cipher in
"personal-cipher-preferences"), not "s2k-cipher-algo".
This is surprising, as in the case of existing
personal-cipher-preferences (in a configuration file), in order to
explicitly set the cipher and digest, one has to use --cipher-algo and
--s2k-digest-algo. There should be explicit options for the choice of
cipher and digest algorithm used for --symmetric encryption. That way,
one could set sane defaults in a configuration file.
Marc
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (745, 'testing'), (367, 'unstable'), (234, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.26
Locale: LANG=C, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages gnupg depends on:
ii gpgv 1.4.9-2 GNU privacy guard - signature veri
ii libbz2-1.0 1.0.5-0.1 high-quality block-sorting file co
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libreadline5 5.2-3 GNU readline and history libraries
ii libusb-0.1-4 2:0.1.12-12 userspace USB programming library
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime
Versions of packages gnupg recommends:
ii libldap-2.4-2 2.4.10-2+lenny1 OpenLDAP libraries
Versions of packages gnupg suggests:
ii eog 2.22.3-1 Eye of GNOME graphics viewer progr
pn gnupg-doc <none> (no description available)
ii imagemagick 7:6.3.7.9.dfsg1-2+b2 image manipulation programs
pn libpcsclite1 <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Upstream has answered and rejected the OPs concerns. No reaction by the OP.
I further think, this is better discussed on a gnupg* list rather than the
Debian BTS.
Closing. Please feel free to comment my decision and/or reopen your report
if necessary.
Regards, Daniel
--- End Message ---
