On 6/20/12 1:10 PM, John wrote:
> When someone uses my public key to encrypt a message to me, what prevents them from trying to use an encryption algorithm of their choice?
Nothing. They can use --cipher-algo to force whatever symmetric algorithm they wish. This may wind up with a message that you're unable to read -- for instance, if your recipient forces AES256 and you're using PGP 7.0, you'll be unable to read it. (This is why most of us advise against using --cipher-algo.)
The certificate does list what algorithms you're capable of reading, and most well-behaved OpenPGP applications will interpret that as ranked preferences ("I most prefer this, then that, then the other"). However, this is purely advisory and the sender can easily ignore it.
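The ranked-but-advisory preference list described in the reply above, as an added example that is not part of the original message and is not GnuPG's code. It reads the body of a "preferred symmetric algorithms" subpacket (algorithm IDs per RFC 4880), shows what a preference-honouring sender would pick, and gives the recipient a check for whether a received message's cipher was ever advertised. The sample preference lists are constructed, and the selection policy in `choose_cipher` is a simplified assumption.

```python
# Added example. Symmetric algorithm IDs are from RFC 4880, section 9.2.
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES128", 8: "AES192", 9: "AES256", 10: "Twofish"}
TRIPLE_DES = 2


def effective_prefs(pref_bytes):
    """Ranked list from a preferred-symmetric-algorithms subpacket body.

    The body is one octet per algorithm, most preferred first. RFC 4880
    treats 3DES as tacitly last when the key does not list it.
    """
    ranked = []
    for algo in pref_bytes:
        if algo not in ranked:
            ranked.append(algo)
    if TRIPLE_DES not in ranked:
        ranked.append(TRIPLE_DES)
    return ranked


def choose_cipher(recipient_prefs, supported):
    """Pick a cipher every recipient advertises (what honouring prefs means).

    Assumed policy, not GnuPG's exact scoring: lowest summed rank wins.
    """
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = [a for a in lists[0]
              if a in supported and all(a in other for other in lists)]
    if not common:
        raise ValueError("no mutually advertised cipher is supported locally")
    return min(common, key=lambda a: sum(l.index(a) for l in lists))


def audit_received(my_pref_bytes, used_algo):
    """Recipient-side check: did this key ever advertise the cipher used?"""
    ranked = effective_prefs(my_pref_bytes)
    name = SYM_ALGOS.get(used_algo, f"unknown({used_algo})")
    if used_algo in ranked:
        return f"{name}: advertised, rank {ranked.index(used_algo) + 1} of {len(ranked)}"
    return f"{name}: NOT advertised by this key; sender ignored or overrode preferences"


if __name__ == "__main__":
    modern = bytes([9, 8, 7, 3])   # constructed: AES256, AES192, AES128, CAST5
    legacy = bytes([3, 2])         # constructed: CAST5, 3DES only
    picked = choose_cipher([modern, legacy], supported={2, 3, 7, 8, 9})
    print("honouring sender picks:", SYM_ALGOS[picked])
    print("forced AES256 to legacy key ->", audit_received(legacy, 9))
```
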