choice of encryption algorithms
Robert J. Hansen
rjh at sixdemonbag.org
Wed Jun 20 19:18:28 CEST 2012
On 6/20/12 1:10 PM, John wrote:
> When someone uses my public key to encrypt a message to me, what
> prevents them from trying to use an encryption algorithm of his choice.
Nothing. They can use --cipher-algo to force whatever symmetric
algorithm they wish. This may wind up with a message that you're unable
to read -- for instance, if your recipient forces AES256 and you're
using PGP 7.0, you'll be unable to read it. (This is why most of us
advise against using --cipher-algo.)
The certificate does list what algorithms you're capable of reading, and
most well-behaved OpenPGP applications will interpret that as ranked
preferences ("I most prefer this, then that, then the other"). However,
this is purely advisory and the sender can easily ignore it.
More information about the Gnupg-users
mailing list