Hi, Peter.

On 13/11/2025 09:23, Peter Pentchev wrote:
- so, IF NO `--rfc...` OPTION IS SPECIFIED, GnuPG HAS TO default to
   the least common denominator

This is not how GnuPG's compliance options currently work though; non-default compliance options cause GnuPG to comply with *earlier* specs, to improve backwards compatibility at the expense of cryptographic strength.

It would be reasonable, and still solidly defensive, for GnuPG to emit the old packet framing iff a compliance option such as --rfc2440 was supplied, or if the key being encrypted to advertised old defaults, or if the key material uses an algorithm or packet version that pre-dates rfc4880. But it serves no purpose to continue to use the old format with modern cryptography that legacy code can't understand anyway.

A


_______________________________________________
Gnupg-users mailing list
[email protected]
https://lists.gnupg.org/mailman/listinfo/gnupg-users
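
As an added illustration (not part of the original message and not GnuPG code), the Python below reads OpenPGP packet headers as laid out in RFC 4880 section 4.2 and reports whether each top-level packet uses the old or the new framing discussed above. The function names and the sample bytes are constructed for this example.

```python
def parse_header(data, pos=0):
    """Return (framing, tag, header_len, body_len) for the packet at pos.

    body_len is None for an old-format indeterminate length, and is the
    size of the first chunk for a new-format partial body length.
    """
    def take(off, n):
        chunk = data[pos + off:pos + off + n]
        if len(chunk) != n:
            raise ValueError("truncated packet header")
        return int.from_bytes(chunk, "big")

    first = take(0, 1)
    if not first & 0x80:
        raise ValueError("bit 7 clear: not an OpenPGP packet header")
    if first & 0x40:                       # new format, RFC 4880 4.2.2
        tag, o1 = first & 0x3F, take(1, 1)
        if o1 < 192:
            return "new", tag, 2, o1
        if o1 < 224:
            return "new", tag, 3, ((o1 - 192) << 8) + take(2, 1) + 192
        if o1 == 255:
            return "new", tag, 6, take(2, 4)
        return "new-partial", tag, 2, 1 << (o1 & 0x1F)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old format, 4.2.1
    if ltype == 3:
        return "old", tag, 1, None         # indeterminate length
    width = (1, 2, 4)[ltype]
    return "old", tag, 1 + width, take(1, width)

def framing_summary(data):
    """List (framing, tag) per top-level packet, stopping at a packet
    whose extent cannot be derived from its header alone."""
    out, pos = [], 0
    while pos < len(data):
        framing, tag, hlen, blen = parse_header(data, pos)
        out.append((framing, tag))
        if blen is None or framing == "new-partial":
            break
        pos += hlen + blen
    return out

# Constructed sample: the same literal data body (tag 11) framed both ways.
BODY = b"b\x00" + b"\x00" * 4 + b"hi"      # format, name length, date, data
SAMPLE = bytes([0xAC, len(BODY)]) + BODY + bytes([0xCB, len(BODY)]) + BODY

if __name__ == "__main__":
    print(framing_summary(SAMPLE))
```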
