On Mar 10, 2010, at 4:07 PM, Robert Palmer wrote:

> During exchange of a public key to a 3rd party – they rejected the key for
> not having a compatible cipher; so, after doing some research the key was
> edited within gpg to update prefs on the key which now shows a compatible
> cipher (in this case, AES-256). I re-exported the public key and noticed
> that the ASCII representation was different – this leads me to my question,
> which is: is this new key 100% compatible with the old key? To elaborate,
> will previous other 3rd party entities (equipped only with the non-updated
> prefs version) still be able to decrypt and accept messages signed with the
> new key? Preliminary testing shows that the updated prefs version encrypted
> message is able to be decrypted and signature verified on the non-updated
> prefs version keyring system.
>
> I am thinking (from preliminary tests) that the “key” information does not
> get updated at all – but, somehow, the cipher preferences are embedded in the
> public key – hence, the reason that the exported public key ASCII
> representation was different before and after updating preferences.

This is exactly correct. The prefs are just a field attached to the key.

However, your 3rd party should not have rejected the key. The OpenPGP preferences system is designed to *always* reach a valid answer. Every preference list contains Triple-DES, whether you explicitly list it there or not, and every OpenPGP program is compatible with Triple-DES. If no other compatible ciphers are found, the answer is Triple-DES.

David
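
The rule described in the reply above, as an added example that is not part of the original thread and is not GnuPG's code: every preference list is treated as ending in Triple-DES, so the set of ciphers common to sender and recipients is never empty. The sample preference lists and the lowest-summed-rank tie-break are assumptions made for illustration; the algorithm IDs are those of RFC 4880.

```python
"""Sketch of OpenPGP symmetric-cipher selection (added example, not GnuPG code)."""

# Symmetric algorithm IDs from RFC 4880, section 9.2.
IDEA, TRIPLE_DES, CAST5, AES128, AES192, AES256 = 1, 2, 3, 7, 8, 9
NAMES = {IDEA: "IDEA", TRIPLE_DES: "3DES", CAST5: "CAST5",
         AES128: "AES128", AES192: "AES192", AES256: "AES256"}


def effective_prefs(listed):
    """Return a key's preference list with 3DES tacitly appended if absent."""
    prefs = list(dict.fromkeys(listed))  # drop duplicates, keep order
    if TRIPLE_DES not in prefs:
        prefs.append(TRIPLE_DES)
    return prefs


def choose_cipher(recipient_prefs, sender_supported):
    """Pick a cipher that every recipient lists and the sender implements.

    Tie-breaking by lowest summed rank is an assumption of this sketch;
    real implementations may rank the common ciphers differently.
    """
    supported = set(sender_supported) | {TRIPLE_DES}  # 3DES is always available
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = supported.intersection(*map(set, lists))
    # 'common' is never empty: 3DES is in every effective list.
    return min(common, key=lambda alg: (sum(l.index(alg) for l in lists), alg))


# Constructed sample data (hypothetical preference lists, not from the thread).
old_key_prefs = [CAST5]                          # before the prefs update
new_key_prefs = [AES256, AES192, AES128, CAST5]  # after the prefs update
aes_only_sender = [AES256]                       # sender that insists on AES-256

if __name__ == "__main__":
    for label, prefs in (("old prefs", old_key_prefs), ("new prefs", new_key_prefs)):
        alg = choose_cipher([prefs], aes_only_sender)
        print(f"{label}: sender encrypts with {NAMES[alg]}")
```

With the old preferences the AES-only sender still gets a valid answer (3DES), which is why a rejection on cipher-compatibility grounds should not occur.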