--digest-algo ignored on gnupg-1.4.9?
vedaal at nym.hush.com
vedaal at nym.hush.com
Wed Jan 5 23:20:35 CET 2011
>Message: 2
>Date: Wed, 05 Jan 2011 14:01:10 -0500
>From: "Robert J. Hansen" <rjh at sixdemonbag.org>
>To: gnupg-users at gnupg.org
>Subject: Re: --digest-algo ignored on gnupg-1.4.9?
>> Hi, it appears --digest-algo is ignored for symmetric encryption
>using gpg
>> 1.4.9.
>SHA-1 is used in the symmetric packet, as is expected. See
>RFC4880,
>section 5.13: "Symmetrically Encrypted Integrity Protected Data
>Packet":
>SHA-1 is the only option for digest algorithms for this particular
>packet.
>
>--digest-algo will let you determine which algorithm to use,
>whenever
>there is a choice of which algorithm to use. There is no choice
>here.
There sort-of is, but in an out of the way place,
and it's not apparent that the digests and ciphers for symmetric
encryption are determined from there.
It's in the s2k preferences:
(the default is CAST5 and SHA1)
Here are mine:
s2k-cipher-algo 3DES
s2k-digest-algo SHA256
Here is a symmetric message done without any further instruction
about what cipher and digest to use:
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (MingW32)
Comment: passphrase: sss
jA0EAgMIKVw2YR19EaZgySef30aCPaVOs1/gfRxxdfHPbvR27papUYOEyj4lZ/+l
cv0c77KqiOI=
=13Ks
-----END PGP MESSAGE-----
Here is the gpg output:
gpg v:\j1.txt.asc
gpg: armor: BEGIN PGP MESSAGE
gpg: armor header: Version: GnuPG v1.4.10 (MingW32)
gpg: armor header: Comment: passphrase: sss
:symkey enc packet: version 4, cipher 2, s2k 3, hash 8
salt 295c36611d7d11a6, count 65536 (96)
gpg: 3DES encrypted data
:encrypted data packet:
length: 39
gpg: encrypted with 1 passphrase
:compressed packet: algo=1
:literal data packet:
mode b (62), created 1294263096, name="j1.txt",
raw data: 11 bytes
gpg: original file name='j1.txt'
File `v:\j1.txt' exists. Overwrite? (y/N) y
gpg: decryption okay
gpg: WARNING: message was not integrity protected
gpg: session key:
`2:FEAF701191406BCD0FA27D387E2CAA34BCD5CB2FFF82DC79'
Note 'cipher 2' and 'hash 8'
vedaal
More information about the Gnupg-users
mailing list