Mailing List Archive

I sent the following note to the list a week ago and haven't received
any replies, so I thought I'd give it one more shot. Can anyone help
me associate a default cipher-algo preference to be associated with
each key in my keyring? Thanks --Glenn

----- Forwarded message from Glenn Leavell <glenn@leavell.com> -----

Date: Tue, 19 Sep 2000 14:29:23 -0400
From: Glenn Leavell <glenn@leavell.com>
To: gnupg-users@gnupg.org
Subject: GnuPG 1.03, RSA/IDEA, and cipher-algo preferences

I'm using GnuPG 1.03 with external IDEA support, and I've been able to
successfully use IDEA to send encrypted documents to PGP users with an
RSA key. To accomplish this, I'm using the "--cipher-algo idea" option.
According to gpg(1) :

--cipher-algo name
Use name as cipher algorithm. Running the pro­
gram with the command --version yields a list of
supported algorithms. If this is not used the
cipher algorithm is selected from the prefer­
ences stored with the key.

This makes it sound like I can associate a default cipher algorithm
preference for each key in my keyring. Unfortunately, I haven't been
able to determine how to set this preference from reading the man pages
or the GnuPG Handbook. I'd love to be able to automatically use IDEA
when encrypting to PGP users and something like 3DES or BLOWFISH when
encrypting to GnuPG users. Can anyone offer any assistance?

Thanks,
Glenn

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

Glenn Leavell wrote:

> I sent the following note to the list a week ago and haven't received
> any replies, so I thought I'd give it one more shot. Can anyone help
> me associate a default cipher-algo preference to be associated with
> each key in my keyring? Thanks --Glenn

AFAIK you can't do this at the moment. Preferences are associated
with keys by the applications -- pgp and gpg for example. There is no
way to modify them as a user.

This has been on the "wishlist" for quite a while and will probably be
added at some point. (At least this is my understanding; if this is
not the case please don't think I am trying to "volunteer" anyone to
do the work.)

--
Pete

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Glenn Leavell, at 10:09 -0400 on Tue, 26 Sep 2000, wrote:

> --cipher-algo name
> Use name as cipher algorithm. Running the pro­
> gram with the command --version yields a list of
> supported algorithms. If this is not used the
> cipher algorithm is selected from the prefer­
> ences stored with the key.
>
> This makes it sound like I can associate a default cipher algorithm
> preference for each key in my keyring.

It does? Doesn't sound like that to me. What it means is that you
specify not a default cipher for the key, but a cipher to use for that
session. That is, you use --cipher-algo in conjunction with --encrypt or
similar command.

- --
Frank Tobin http://www.uiuc.edu/~ftobin/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.3 (FreeBSD)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/

iEYEARECAAYFAjnQuKoACgkQVv/RCiYMT6OdtQCfeHVOc0plqp8cERKtoJcoPRvT
B+MAnj1BD4d3gNHkUNm3HbIzRZSsj6RF
=5aJs
-----END PGP SIGNATURE-----

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Tue, Sep 26, 2000 at 09:54:27AM -0500, Frank Tobin wrote:

# > --cipher-algo name
# > Use name as cipher algorithm. Running the pro­
# > gram with the command --version yields a list of
# > supported algorithms. If this is not used the
# > cipher algorithm is selected from the prefer­
# > ences stored with the key.
# >
# > This makes it sound like I can associate a default cipher algorithm
# > preference for each key in my keyring.
#
# It does? Doesn't sound like that to me. What it means is that you
# specify not a default cipher for the key, but a cipher to use for that
# session. That is, you use --cipher-algo in conjunction with --encrypt or
# similar command.

Thanks for the response. I didn't mean that the man page description for
the --cipher-algo option was to be used to specify a general preference. I
was referring to the sentence that says "If this [the --cipher-algo option]
is not used the cipher algorithm is selected from the preferences stored
with the key." And my question is: How do I specify that stored
preference?

Thanks again,
Glenn

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

> Thanks for the response. I didn't mean that the man page description for
> the --cipher-algo option was to be used to specify a general preference.
> I
> was referring to the sentence that says "If this [the --cipher-algo
> option]
> is not used the cipher algorithm is selected from the preferences stored
> with the key." And my question is: How do I specify that stored
> preference?

By creating a Key ;-) Seriously, the algorithm preferences are stored
in the self-signature of a user ID (You can review them by running
gpg --list-packets on a public key file or using the pref command in
the --edit-key function). I don´t know, whether algrithm preferences
are possible at all with RSA keys/v3 sigs.

Currently the preferences 10/4/3 (Twofish, Blowfish, Cast5) are
hard-wired into the GnuPG key creation process.
You´d have to go source-diving to change them (g10/keygen.c, IIRC).

Apparently, editing functionality is on the wish list for version 1.1.

See also:
http://lists.gnupg.org/gnupg-users-200009/msg00119.html
http://lists.gnupg.org/gnupg-users-200009/msg00120.html

HTH.
Tschuess,
Ralf

--
Ralf Hüls Bismarckplatz
KSV Kreditschutz-Vereinigung GmbH 44866 Bochum
Score-Consult Tel. 02327/9114-28
http://www.schufa.de/ Fax. 02327/8 40 27




--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

> Currently the preferences 10/4/3 (Twofish, Blowfish, Cast5) are
> hard-wired into the GnuPG key creation process.

I just noticed that this seems to have been changed slightly in 1.0.3.

Tschuess,
Ralf

--
Ralf Hüls Bismarckplatz
KSV Kreditschutz-Vereinigung GmbH 44866 Bochum
Score-Consult Tel. 02327/9114-28
http://www.schufa.de/ Fax. 02327/8 40 27




--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Tue, 26 Sep 2000, Glenn Leavell wrote:

> with the key." And my question is: How do I specify that stored
> preference?

This is creates along with a new key or if you chnage the expiration
date of a key (edit menu -> expire). However, there is no way to
chnage it without recompiling. Changing the preferences in the
source is easy: Have a look at g10/keygen:add_std_preferences()

Ciao,

Werner


--
Werner Koch GnuPG key: 621CC013
OpenIT GmbH http://www.OpenIT.de

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org

On Wed, Sep 27, 2000 at 07:59:52AM +0200, Huels, Ralf KSV wrote:

# By creating a Key ;-) Seriously, the algorithm preferences are stored
# in the self-signature of a user ID (You can review them by running
# gpg --list-packets on a public key file or using the pref command in
# the --edit-key function). I don´t know, whether algrithm preferences
# are possible at all with RSA keys/v3 sigs.
#
# Currently the preferences 10/4/3 (Twofish, Blowfish, Cast5) are
# hard-wired into the GnuPG key creation process.
# You´d have to go source-diving to change them (g10/keygen.c, IIRC).

Thanks -- this clears up a lot for me. From reading everyone's responses
and testing things with various keys, I've figured out what I've
really been trying to ask:

If I want to use gpg to encrypt something to someone's old RSA/IDEA key, I
can do so by including "--cipher-algo idea", and it works fine. However,
if I leave off this option, the person trying to decrypt the message
(using PGP) "Unsupported packet format - you need a newer version of PGP
for this file." But if I look at their public key with --list-packets,
I see that their RSA key *does* have a preference for algorithm 1, which
is IDEA. So, why do I need to be explicit about wanting to use IDEA
with the --cipher-algo option? Why doesn't gpg pick up on this preference
based on the public key itself?

Thanks,
Glenn

--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org