> Sorry I may be missing the point but why does it now show AES or AES256 as a
> pubkey?

I think you're misunderstanding how PGP public-key encryption works. When you send an encrypted message, the first thing that happens is a random number called a session key is generated. This session key is then used to encrypt the (compressed, possibly) original message with a symmetric cypher like AES256. Then, this session key is encrypted with the recipient's public key (RSA or ElGamal).

When the message is received by the recipient, he uses his private key to decrypt the session key. Then he uses the session key to decrypt the original message. If you're just using symmetric keys, you use AES256 directly. The passphrase you type in is used as the session key, in this case (actually, there's a random number called "salt" appended to the passphrase to prevent certain attacks, but the idea is the same). With public key cryptography, the software (via the public key algorithms) handles the (difficult) task of giving the recipient the decryption key. With symmetric encryption, it's your responsibility to get the passphrase to the recipient.

If you're still not clear on this, you should definitely read something like Applied Cryptography, so that you can talk intelligently to your client about cryptography. The biggest security problem with crypto is when it's misapplied (people think they're safe, but the crypto is merely obfuscating the message, not securing it).

Another good way to learn about symmetric encryption is to write your own simple encryption program. http://ciphersaber.gurus.com/ will guide you through this.

Feel free to ask us any questions, though :)

Regards,
Jonathan Rockway




_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
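
Added example (not part of the original message and not GnuPG's code): the two cases described in the reply leave different packets in an OpenPGP message, and this parser reads them from the packet headers defined in RFC 4880. It assumes definite-length packets; the function names and the sample bytes are constructed for illustration.

```python
# Added illustration, not GnuPG code: walks RFC 4880 packet headers. All names are hypothetical.
PUBKEY = {1: "RSA", 16: "ElGamal"}      # public-key algorithm IDs
CIPHER = {7: "AES128", 9: "AES256"}     # symmetric cipher IDs

def read_packets(data):                  # yields (tag, body) for each definite-length packet
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                   # new-format header: tag in the low 6 bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths not handled")
        else:                            # old-format header: tag in bits 5-2
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate length not handled")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def describe(data):                      # how is the session key of this message protected?
    out = []
    for tag, body in read_packets(data):
        if tag == 1:      # Public-Key Encrypted Session Key: cipher ID is inside the wrapped key
            out.append({"packet": "pubkey-wrapped session key",
                        "key_id": body[1:9].hex().upper(),
                        "algo": PUBKEY.get(body[9], f"pubkey algo {body[9]}")})
        elif tag == 3:    # Symmetric-Key Encrypted Session Key: cipher ID is in the clear
            out.append({"packet": "passphrase-derived session key",
                        "algo": CIPHER.get(body[1], f"cipher {body[1]}"),
                        # S2K types 1 and 3 carry an 8-byte salt after the hash ID
                        "salt": body[4:12].hex() if body[2] in (1, 3) else None})
        elif tag in (9, 18):             # the symmetrically encrypted message itself
            out.append({"packet": "encrypted data", "bytes": len(body)})
    return out

def pkt(tag, body):                      # new-format header, body shorter than 192 bytes
    return bytes([0xC0 | tag, len(body)]) + body
# Constructed samples: placeholder key ID, MPI, salt and ciphertext bytes.
PUBKEY_MSG = pkt(1, b"\x03" + bytes.fromhex("0123456789ABCDEF") + b"\x01\x00\x10\xAA\xBB") + pkt(18, b"\x01" + bytes(8))
SYMMETRIC_MSG = pkt(3, b"\x04\x09\x03\x02" + bytes(range(8)) + b"\x60") + pkt(18, b"\x01" + bytes(8))
```

In the public-key case the cipher ID travels inside the wrapped session key, so only the public-key algorithm and key ID are readable before decryption; in the passphrase case the cipher ID and salt sit in the clear.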
