• Registered: 2007-06-11
  • Posts: 4

Topic: Symmetric Algorithms

It would be nice if there was a radio button for us to select which algorithm to use for symmetric encryption.

Thanks and good work.  I love this tool.

--gpenguin

  • From: Geneva
  • Registered: 2007-04-04
  • Posts: 1,040

Re: Symmetric Algorithms

Added on the todo list wink

the_glu's Website

  • Registered: 2007-06-18
  • Posts: 111

Re: Symmetric Algorithms

I believe the preferred algorithm for gnupg to use is contained in the gpg.conf file.  Usually the preferred cipher and digest (signature) algorithms are chosen via the personal-cipher-preferences and personal-digest-preferences as explained below:

--personal-cipher-preferences string
    Set the list of personal cipher preferences to string. Use gpg2 --version to get a list of available algorithms, and use none to set no preference at all. This allows the user to factor in their own preferred algorithms when algorithms are chosen via recipient key preferences. The most highly ranked cipher in this list is also used for the --symmetric encryption command.
--personal-digest-preferences string
    Set the list of personal digest preferences to string. Use gpg2 --version to get a list of available algorithms, and use none to set no preference at all. This allows the user to factor in their own preferred algorithms when algorithms are chosen via recipient key preferences. The most highly ranked digest algorithm in this list is algo used when signing without encryption (e.g. --clearsign or --sign). The default value is SHA-1.

With each of these choices the string is a comma separated list using either the Sx or Hx notation as specified below (note you can generate this list with your own gpg version by typing at the command line gpg -v --version:

Cipher: IDEA (S1), 3DES (S2), CAST5 (S3), BLOWFISH (S4), AES (S7), AES192 (S8),
        AES256 (S9), TWOFISH (S10), CAMELLIA128 (S11), CAMELLIA192 (S12),
        CAMELLIA256 (S13)
Hash: MD5 (H1), SHA1 (H2), RIPEMD160 (H3), SHA256 (H8), SHA384 (H9),
      SHA512 (H10), SHA224 (H11)

So for example to set the cipher preferences I would add the following within the gpg.conf file:
--personal-cipher-preferences S9,S8,S7,S10,S4,S1,S2

Always include 3DES -> This is considered the default cipher

SHA1 is considered the default hash

Please note the Camellia ciphers are considered experimental, and unless you have compiled your gpg version from source, neither the IDEA or Camellia ciphers will be available in the "stock" installation.  Camellia ciphers are likely to be added to the "stock" installation, once Camellia is officially recognized by the OpenGPG committee (unsure on the time-table of this decision).