Hello John !

"John" <jw722531.1.5izon.net> wrote:

> When someone uses my public key to encrypt a message to me, what prevents
> them from trying to use an encryption algorithm of their choice? In other
> words, does the public key itself limit the options available to the person
> sending the message? Thanks.

    First of all, you can list all the allowed protocols on your system using:
    gpg --version --verbose
    It looks like this:

+------------------+------------------+------------------+
| Cipher-Algos:    | Digest-Algos:    | Compress-Algos:  |
+------------------+------------------+------------------+
|                  |                  | Z0  Uncompressed |
| S1  IDEA         | H1  MD5          | Z1  ZIP          |
| S2  3DES         | H2  SHA1         | Z2  ZLIB         |
| S3  CAST5        | H3  RIPEMD160    | Z3  BZIP2        |
| S4  BLOWFISH     |                  |                  |
|                  |                  |                  |
|                  |                  |                  |
| S7  AES          |                  |                  |
| S8  AES192       | H8  SHA256       |                  |
| S9  AES256       | H9  SHA384       |                  |
| S10 TWOFISH      | H10 SHA512       |                  |
| S11 CAMELLIA128  | H11 SHA224       |                  |
| S12 CAMELLIA192  |                  |                  |
| S13 CAMELLIA256  |                  |                  |
+------------------+------------------+------------------+

    Using the EditKey command with "pref" and "showpref" on your own key shows 
you what the actual settings are.
    Using the list above, you can choose the order you want those algorithms to 
be used. You can establish your own list that means "I'd like that one first if 
possible, and if not the 2nd; and if not the 3rd; and so on". GPG compares your 
wishes to the recipient's, and chooses the first that matches.

    So, using the board above, you can set GPG.CONF with something like this:

default-preference-list S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8 H3 H8 H9 H10 H11 H2 H1 Z1 Z2 Z3 Z0
personal-cipher-preferences S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8
personal-digest-preferences H3 H8 H9 H10 H11 H2 H1
personal-compress-preferences Z1 Z2 Z3 Z0

    If you set an unsupported preference, GPG complains.

    When you have made all your choices, you can brand your public key with them, 
using the EditKey menu and "setpref default-preference-list"; after that, you 
can send your public key to servers in order to update them.

    From that moment, anybody who wants to send you a message knows what 
algorithms you prefer to use, and he will take the first of your 
choices that matches his choices.
    That works, as I experienced it: a previous version of GPG didn't accept 
algorithm Z3 (BZIP2), and as I had it branded in my public key on servers, I 
couldn't decrypt messages any more... Changing my "setpref" without Z3 and 
uploading my key to servers restored the functionality, as no more messages 
came in Z3.

-- 
Laurent Jumet
      KeyID: 0xCFAF704C

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
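
Added example (not part of the original message and not GnuPG's own code): a simplified Python model of the preference matching described above, plus a check for the Z3 failure the poster hit. It assumes the sender's own list decides the order and that 3DES, SHA-1 and "uncompressed" are tacitly acceptable as RFC 4880 specifies; the function names and the OLD_INSTALL set are constructed for illustration.

```python
# Simplified model of OpenPGP preference matching (illustration, not GnuPG source).
# RFC 4880: these are tacitly at the end of every list if not named explicitly.
IMPLICIT = {"S": "S2", "H": "H2", "Z": "Z0"}   # 3DES, SHA-1, uncompressed

# Preference string from the message above.
PAGE_PREFS = ("S7 S11 S12 S13 S1 S10 S3 S4 S2 S9 S8 "
              "H3 H8 H9 H10 H11 H2 H1 Z1 Z2 Z3 Z0")
# Constructed: an installation that supports everything listed except BZIP2.
OLD_INSTALL = set(PAGE_PREFS.split()) - {"Z3"}


def split_prefs(pref_string):
    """Split 'S7 ... H3 ... Z1' into per-kind lists, keeping the stated order."""
    out = {"S": [], "H": [], "Z": []}
    for tok in pref_string.split():
        kind = tok[0].upper()
        if kind not in out or not tok[1:].isdigit():
            raise ValueError(f"not a preference token: {tok!r}")
        out[kind].append(kind + tok[1:])
    return out


def with_implicit(prefs):
    """Append the must-implement algorithm of each kind when it is missing."""
    return {k: v + ([IMPLICIT[k]] if IMPLICIT[k] not in v else [])
            for k, v in prefs.items()}


def choose(sender_personal, recipient_key_prefs, kind):
    """First entry of the sender's list that every recipient key also lists."""
    sender = with_implicit(split_prefs(sender_personal))[kind]
    common = set(sender)
    for key in recipient_key_prefs:
        common &= set(with_implicit(split_prefs(key))[kind])
    # The implicit entry is in every list, so a match always exists.
    return next(a for a in sender if a in common)


def unsupported_on_key(key_prefs, local_algos):
    """Algorithms a key advertises that a given installation cannot process."""
    return [tok for tok in key_prefs.split() if tok not in local_algos]


if __name__ == "__main__":
    # The key still advertises Z3, so a sender who prefers BZIP2 will use it.
    print(choose("Z3 Z2 Z1", [PAGE_PREFS], "Z"))
    # Run before uploading a key: what can the receiving install not handle?
    print(unsupported_on_key(PAGE_PREFS, OLD_INSTALL))
```

Running the check against every installation that must decrypt mail for the key, before publishing updated preferences, catches this mismatch before senders start using the unsupported algorithm.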
