Page MenuHome GnuPG

Session key encrypted with AES, but SED packet encrypted with AES256
Open, NormalPublic


I'm confused about why we encrypt the session key with AES, but we encrypt the
SED packet with AES256. It seems to me that we ought to use the same strength
cipher for both.

$ echo 1230984129038 | gpg2 --no-option -c -e -r 6C652598 > x
$ pgpdump x
Old: Public-Key Encrypted Session Key Packet(tag 1)(268 bytes)
New version(3)
Key ID - 0xC2B819056C652598
Pub alg - RSA Encrypt or Sign(pub 1)
RSA m^e mod n(2045 bits) - ...

		-> m = sym alg(1 byte) + checksum(2 bytes) + PKCS-1 block type 02

Old: Symmetric-Key Encrypted Session Key Packet(tag 3)(46 bytes)
New version(4)
Sym alg - AES with 128-bit key(sym 7)
Iterated and salted string-to-key(s2k 3):

		Hash alg - SHA1(hash 2)
		Salt - df 8c 71 88 06 86 2b 7e 
		Count - 9961472(coded count 211)

Encrypted session key

		-> sym alg(1 bytes) + session key

New: Symmetrically Encrypted and MDC Packet(tag 18)(67 bytes)
Ver 1
Encrypted data [sym alg is specified in sym-key encrypted session key]

		(plain text + MDC SHA1(20 bytes))

$ gpg2 --show-session-key -d x
gpg: WARNING: unsafe permissions on homedir '/tmp/luca'
gpg: It is only intended for test purposes and should NOT be
gpg: used in a production environment or with production keys!
gpg: WARNING: server 'gpg-agent' is older than us (2.1.10-beta68 < 2.1.12-beta44)
gpg: AES encrypted session key
gpg: encrypted with 1 passphrase
gpg: encrypted with 2048-bit RSA key, ID 6C652598, created 2015-04-07

"Neal H. Walfield <>"

gpg: session key:



Event Timeline

neal added projects: gnupg, Bug Report.
neal added subscribers: neal, werner.

The reason that we encrypted the SED packet with AES256 is that is the preferred
cipher in my public key. I think that the cipher for the s2k function should be
chosen similarly.