Hi Alex,
* Alex Smily <alex_gn...@yahoo.in> [31. Aug. 2010]:
> now my question is how to choose the symmetric encryption
> algorithm among the available ciphers in GNUPG.
> & is there any way of selecting / adding a new symmetric cipher
> to GNUPG on which both sender and recipient are agreed.
Different OpenPGP clients provide different symmetric ciphers.
Your public key contains among other meta information the
information which symmetric ciphers your OpenPGP client supports
and ranks them according to your preferences [or the defaults if
you did not provide the preferences yourself].
You may set/change the preferences on your key in order to inform
your recipients OpenPGP client about them.
you can do this with the command
gpg --edit-key <your-keyid-here>
and use the commands (you should read the gpg manual):
showpref
More verbose preferences listing for the selected user ID.
This shows the preferences in effect by including the
implied preferences of 3DES (cipher), SHA-1 (digest), and
Uncompressed (compression) if they are not already included
in the preference list. In addition, the preferred keyserver
and signature notations (if any) are shown.
setpref string
Set the list of user ID preferences to string for all (or
just the selected) user IDs. Calling setpref with no argu‐
ments sets the preference list to the default (either built-
in or set via --default-preference-list), and calling set‐
pref with "none" as the argument sets an empty preference
list. Use gpg --version to get a list of available algo‐
rithms. Note that while you can change the preferences on an
attribute user ID (aka "photo ID"), GnuPG does not select
keys via attribute user IDs so these preferences will not be
used by GnuPG.
When setting preferences, you should list the algorithms in
the order which you'd like to see them used by someone else
when encrypting a message to your key. If you don't include
3DES, it will be automatically added at the end. Note that
there are many factors that go into choosing an algorithm
(for example, your key may not be the only recipient), and
so the remote OpenPGP application being used to send to you
may or may not follow your exact chosen order for a given
message. It will, however, only choose an algorithm that is
present on the preference list of every recipient key. See
also the INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS sec‐
tion below.
Use "save" to end editing your keys preferences.
When your OpenPGP client encrytpts to a recipents key it it
searches the cipher capabilities/preferences of your recipents
key and matches them against your preferences as stated in your
config file (again you should read the manual:)
--personal-cipher-preferences string
Set the list of personal cipher preferences to string. Use gpg
--version to get a list of available algorithms, and use none to
set no preference at all. This allows the user to safely override
the algorithm chosen by the recipient key preferences, as GPG will
only select an algorithm that is usable by all recipients. The
most highly ranked cipher in this list is also used for the --sym‐
metric encryption command.
--personal-digest-preferences string
Set the list of personal digest preferences to string. Use gpg
--version to get a list of available algorithms, and use none to
set no preference at all. This allows the user to safely override
the algorithm chosen by the recipient key preferences, as GPG will
only select an algorithm that is usable by all recipients. The
most highly ranked digest algorithm in this list is also used when
signing without encryption (e.g. --clearsign or --sign). The
default value is SHA-1.
--personal-compress-preferences string
Set the list of personal compression preferences to string. Use
gpg --version to get a list of available algorithms, and use none
to set no preference at all. This allows the user to safely over‐
ride the algorithm chosen by the recipient key preferences, as GPG
will only select an algorithm that is usable by all recipients.
The most highly ranked compression algorithm in this list is also
used when there are no recipient keys to consider (e.g. --symmet‐
ric).
HTH, Gregor
--
-... --- .-. . -.. ..--.. ...-.-
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
