Using GPA and Kleopatra in gpg4win does not allow you to change cipher-algo
Closed, Resolved (Public)

Description

When using gpg4win 2.3.0, you cannot change cipher-algo to most values that
should be accepted. Both GPA and Kleopatra offer you choices to modify
cipher-algo. In Kleopatra, this is: Settings -> Configure Kleopatra -> GnuPG
System -> GPG for S/MIME. In GPA, this is: Edit -> Backend preferences ->
Set Level to Advanced -> Tab GPG for S/MIME.

In both, the setting defaults to AES. In GPA, certain strings are rejected
when apply is hit, and the option then defaults back to whatever was
previously there. In Kleopatra, certain strings cause the error message
"Error from gpgconf while saving configuration: Operation not permitted".

According to gpg --version, the following ciphers are available:

IDEA
3DES
CAST5
BLOWFISH
AES
AES192
AES256
TWOFISH
CAMELLIA128
CAMELLIA192
CAMELLIA256

AES is entered and accepted by default. When trying the other strings, the
following is observed.

IDEA: fail
3DES: accepted
CAST5: fail
BLOWFISH: fail
AES: accepted
AES192: fail
AES256: accepted
TWOFISH: fail
CAMELLIA128: accepted
CAMELLIA192: accepted
CAMELLIA256: accepted

When used on the command line, I am able to use the --cipher-algo argument
to perform RSA/TWOFISH on a file. I am not sure why the --cipher-algo cannot
be set from the GUI.

Details

Version
2.3.0

Event Timeline

TARehman added projects: gpg4win, Bug Report.
TARehman added a subscriber: TARehman.

You should not change a cipher algo because the OpenPGP preference system takes
care of it. If you really want to do it, you need to change the config files
directly. See also the FAQ.

werner claimed this task.
werner lowered the priority of this task from Normal to Wishlist.
werner removed a project: Bug Report.

I did not see anything in the FAQ dealing specifically with the GUI not
working. That is what this bug is about. I agree that changing the cipher-algo
should be done cautiously, but either the front-end should not permit it to
appear to happen, or the front-end should actually do the expected behavior
(namely, changing the config files).

To list the available ciphers for S/MIME, you need to use "gpgsm --version" and
not "gpg --version". This is the reason for IDEA etc. failing. This is also
not specific to gpg4win and thus I changed the category to gnupg.

However, you actually found two bugs: AES192 did not work due to a typo. I have
pushed a fix for this. Also Serpent does not work with current Libgcrypt
versions; I pushed a fix too, so that it will work with Libgcrypt 1.7.1.

Note that the output of "gpgsm --version" may list algorithms which in the end
cannot be used. This is not easy to fix and thus we need to live with this
little annoyance.

werner raised the priority of this task from Wishlist to Low. Jun 14 2016, 4:06 PM
werner added projects: Restricted Project, Bug Report, gnupg.
werner added a project: S/MIME.

Ah, I see. The GUI interface affects the S/MIME algorithm, not the general
one. I don't know why I didn't put that together sooner. Well, I'm glad that
it revealed the minor bug anyway.

werner removed a project: Restricted Project.
werner added a project: Unreleased.