Hello all, I've been trying to find some information on GPG and how it's algorithms are validated. Unfortunately, I've been coming up empty on the web site and in archive searches. Hopefully, some of you can answer my questions and confirm some of assumptions.
1. I'm working under the assumption that libgcrypt is a library that encapsulates the cryptographic algorithms and that libgcrypt is used only by gpg 2.x or greater. gpg 1.4.x does not use libgcrypt and updates to libgcrypt are not necessarily being patched back into the gpg 1.4 codebase. Is this correct? 2. I've read some forum posts that state that libgcrypt is tested against the NIST CAVS test suite and that 1.4.4 has passed and all tests and is validated by NIST? Is this correct? If so, does anyone know which algorithms/validation #'s libgcrypt was validated under? I can't seem to find them in the NIST database. 3. Assuming gpg 1.4.x doesn't use libgcrypt directly, what are the procedures for validating its algorithms (NIST or otherwise)? Your help is greatly appreciated. Thanks, --Tom _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users