GnuPG 2.4.4 still using legacy packets?
Andrew Gallagher
andrewg at andrewg.com
Thu Nov 13 12:56:32 CET 2025
Hi, Peter.
On 13/11/2025 09:23, Peter Pentchev wrote:
> - so, IF NO `--rfc...` OPTION IS SPECIFIED, GnuPG HAS TO default to
> the least common denominator
This is not how GnuPG's compliance options currently work though;
non-default compliance options cause GnuPG to comply with *earlier*
specs, to improve backwards compatibility at the expense of
cryptographic strength.
It would be reasonable, and still solidly defensive, for GnuPG to emit
the old packet framing iff a compliance option such as --rfc2440 was
supplied, or if the key being encrypted to advertised old defaults, or
if the key material uses an algorithm or packet version that pre-dates
rfc4880. But it serves no purpose to continue to use the old format with
modern cryptography that legacy code can't understand anyway.
A
More information about the Gnupg-users
mailing list