Re: cipher used when both --encrypt and --symmetric is specified

Mon, 29 Feb 2016 02:55:39 -0800 

Hi Vedaal,

You are correct that is not my real key ID.

Funny enough the key was generated in Nov-2015. However you are absolutely
correct about the --s2k-cipher-algo option. I added that to my gpg.conf and
after that symmetric + public works exactly as I expected. I get AES256
every time.

There is one thing I would like to understand - the man page says:
       --s2k-cipher-algo name
              Use  name as the cipher algorithm used to protect secret
keys.  The default cipher is CAST5. This cipher is also used for
conventional encryption if --personal-cipher-pref‐
              erences and --cipher-algo is not given.

So CAST5 is the preferred cipher for secret keys and is also the default
for symmetric. On the other hand using --personal-cipher-preferences does
not seem to apply to symmetric + public encryption. Is this by design?

Regards,
Martin

On Fri, 26 Feb 2016 at 14:52 <ved...@nym.hush.com> wrote:

>
> On 2/26/2016 at 5:48 AM, "Martin Ilchev" <martini5...@gmail.com> wrote:
>
> >I did set my key preferences a few months ago and made sure the
> >key had
> >them as well. Here is the output of showperf:
> >
> >     Cipher: AES256, AES192, AES, CAST5, 3DES
> .....
>
> >> > 2. Symmetrically encrypt and also encrypt for my own public
> >key:
> >> > gpg2 -vvv --symmetric --encrypt --sign -r 0x1234567890ABCDEF
>
> >> > decrypting the file shows that the cipher used is CAST5
>
> =====
>
> 0x1234567890ABCDEF is obviously not your real key id.
>
> I suspect the key was generated some time ago, when the default cipher to
> protect one's secret key, was CAST5
>
> GnuPG's default choice for the encryption algorithm for a symmetric cipher
> will be what the s2k-cipher-algo is.
>
> In your case for that key, it is CAST 5
>
>
> Try This:
>
> gpg2  --s2k-cipher-algo AES256 --symmetric --encrypt --sign -r
> 0x1234567890ABCDEF  filename
>
> The encryptions should now be with AES256 for both the symmetric part and
> the part encrypted to your key.
>
>
> vedaal
>
>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to