[Gpg4win-users-en] Cipher block modes (Re: GPG4Win and FIPS 140-2 Compliant)

Bernhard Reiter bernhard at intevation.de
Tue Jul 13 09:44:48 CEST 2021


Hi Gaurav,

Am Montag 12 Juli 2021 23:21:03 schrieb Gaurav Sharma:
> I can run gpg --version and system tells me about the supported algorithms
> but I am looking to find out what cipher blocks GPG4Win supports:
>
> For example: ECB, CFB, CBC, OFB, CTR, CCM, GCM, OCB, XTS, EAX

okay, seems you are looking for the supported
  https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation

Gpg4win contains GnuPG 2.2 as its crypto engine.
GnuPG 2.2 mainly implements OpenPGP (with some extensions) and
S/MIME.

For OpenPGP, the standard mandates "OpenPGP CFB Mode"
https://datatracker.ietf.org/doc/html/rfc4880#section-13.9
which is considered secure (enough) because of the way it is used
(e.g. with MDC over more than 15 years).

GnuPG 2.3 has support for potentially upcoming OpenPGP modes like
   AEAD encryption mode using OCB or EAX.
https://lists.gnupg.org/pipermail/gnupg-announce/2021q2/000458.html

For S/MIME I think it is CBC mode, what is implemented. 
I would need to look that up in more detail.

If you use GnuPG (and its library libgcrypt) for crypto development on your 
own (outside of the standards), there are more modes you can potentially use
Here is the list of cipher block modes of the current libgcrypt version
https://www.gnupg.org/documentation/manuals/gcrypt/Available-cipher-modes.html

> Is there any configuration setting we can use to pass the cipher block
> name?

For a standard like OpenPGP or S/MIME it does not make sense to configre a 
cipher block mode, because you want to be compatible with the standards. 

When using GnuPG's crypto library libgcrypt from your code, you'll set the 
parameters like described in the manual.

Best Regards,
Bernhard
-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-users-en/attachments/20210713/15e1ac66/attachment.sig>


More information about the Gpg4win-users-en mailing list