On 6/20/12 1:10 PM, John wrote:
When someone uses my public key to encrypt a message to me, what
prevents them from trying to use an encryption algorithm of their choice?

Nothing. They can use --cipher-algo to force whatever symmetric algorithm they wish. This may wind up with a message that you're unable to read -- for instance, if your recipient forces AES256 and you're using PGP 7.0, you'll be unable to read it. (This is why most of us advise against using --cipher-algo.)

The certificate does list what algorithms you're capable of reading, and most well-behaved OpenPGP applications will interpret that as ranked preferences ("I most prefer this, then that, then the other"). However, this is purely advisory and the sender can easily ignore it.

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
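
As an added illustration (not part of the original post and not GnuPG's code), the sketch below reads the ranked symmetric-cipher preferences out of a certificate's signature subpacket area, using the RFC 4880 encoding, and checks whether the cipher a sender actually used was on that list. The sample bytes are constructed, the function names are hypothetical, and the cipher ID of the received message is assumed to be known already.

```python
# Added illustration; SAMPLE_AREA is constructed, not taken from a real key.
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
PREF_SYM = 11    # subpacket type: preferred symmetric algorithms
TRIPLE_DES = 2   # must-implement cipher, implicitly last if not listed

def parse_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                      # one-octet length
            length, i = first, i + 1
        elif first < 255:                    # two-octet length
            if i + 2 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                # 0xFF, then four-octet length
            if i + 5 > len(area):
                raise ValueError("truncated subpacket length")
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated subpacket")
        # The length covers the type octet; its high bit is the critical flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def symmetric_prefs(area):
    """Return the ranked cipher IDs, most preferred first."""
    prefs = []
    for typ, _critical, body in parse_subpackets(area):
        if typ == PREF_SYM:
            prefs = list(body)
    if TRIPLE_DES not in prefs:
        prefs.append(TRIPLE_DES)
    return prefs

def check_message_cipher(prefs, used):
    """Compare the cipher a sender used with the advertised preferences."""
    name = SYM_ALGOS.get(used, f"unknown({used})")
    if used not in prefs:
        return f"{name}: outside advertised preferences"
    return f"{name}: advertised, rank {prefs.index(used) + 1}"

# Constructed area: key flags (type 27), symmetric prefs AES256 > AES192 >
# AES128 (type 11), hash prefs (type 21).
SAMPLE_AREA = bytes.fromhex("021b03" "040b090807" "03150802")

if __name__ == "__main__":
    for used in (9, 3):
        print(check_message_cipher(symmetric_prefs(SAMPLE_AREA), used))
```
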