On Mon, 21 Sep 2009 22:36, tschai...@gmail.com said: > 1. I'm working under the assumption that libgcrypt is a library that > encapsulates the cryptographic algorithms and that libgcrypt is used > only by gpg 2.x or greater. gpg 1.4.x does not use libgcrypt and > updates to libgcrypt are not necessarily being patched back into the > gpg 1.4 codebase. Is this correct?
Right. However we have added support for newer algorithms also to gpg 1.4 (e.g. Camellia). > 2. I've read some forum posts that state that libgcrypt is tested > against the NIST CAVS test suite and that 1.4.4 has passed and all > tests and is validated by NIST? Is this correct? If so, does anyone > know which algorithms/validation #'s libgcrypt was validated under? I > can't seem to find them in the NIST database. It is still under evaluation; on the NIST site you find a list of such modules. However before a final evaluation is done the testlabs do internal testings and it happens that I know that Libgcrypt passed them. > 3. Assuming gpg 1.4.x doesn't use libgcrypt directly, what are the > procedures for validating its algorithms (NIST or otherwise)? If you want to do that a lot of work is waiting for you and you have to spend quite some money on that. BTW, it seems that a evaluation of GnuPG-2 is going on in Japan. Shalom-Salam, Werner -- Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users