Encryption Algorithm Support

Determination and handling of preferred symmetric algorithms for OpenPGP keys was updated starting in Diplomat Managed File Transfer v4.0:

  • OpenPGP keys created by Diplomat v4.0 or later specify AES-256, 3DES, and CAST5, in that order, as the preferred algorithms. 
  • OpenPGP keys imported by Diplomat v4.0 or later use the preferred algorithms specified in the signature block of the original OpenPGP keys for file encryption. If no preferred algorithms are specified in the signature block or if none of the algorithms specified are supported by Diplomat, Diplomat uses 3DES for encryption.
  • OpenPGP keys (public key or key pair), created by Diplomat v4.0 or later and then exported, specify AES-256, 3DES, and CAST5 as the preferred algorithms in the signature block.
  • OpenPGP keys (public key or key pair), imported using Diplomat v4.0 or later and then exported, specify the same preferred algorithms as the signature block of the original OpenPGP key before import. Thus, if an application uses an exported public key for encryption, it may select an algorithm other than AES-256, 3DES, or CAST5 for encryption depending on the contents of the original signature block.
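
The selection rule for imported keys described above, as an added example (not Diplomat's own code): it reads the Preferred Symmetric Algorithms subpacket (type 11 in RFC 4880) from a signature's hashed subpacket area and applies the 3DES fallback. The supported-cipher set and the sample byte strings are assumptions constructed for illustration.

```python
# Symmetric algorithm IDs from RFC 4880, section 9.2.
SYM_ALGOS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish",
             7: "AES-128", 8: "AES-192", 9: "AES-256", 10: "Twofish"}
PREF_SYM_SUBPACKET = 11   # "Preferred Symmetric Algorithms" subpacket type
FALLBACK = 2              # 3DES, the fallback this page describes
# Assumption: the page does not list every supported cipher; these are the three it names.
ASSUMED_SUPPORTED = {9, 2, 3}

def iter_subpackets(area):
    """Yield (type, critical, body) for each subpacket in a hashed subpacket area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:            # one-octet length
            length, i = first, i + 1
        elif first < 255:          # two-octet length
            length = ((first - 192) << 8) + int.from_bytes(area[i + 1:i + 2], "big") + 192
            i += 2
        else:                      # five-octet length
            length, i = int.from_bytes(area[i + 1:i + 5], "big"), i + 5
        if length < 1 or i + length > len(area):
            raise ValueError("truncated or malformed subpacket")
        # The length covers the type octet; bit 7 of the type is the critical flag.
        yield area[i] & 0x7F, bool(area[i] & 0x80), area[i + 1:i + length]
        i += length

def preferred_symmetric(area):
    """Return the advertised cipher IDs in preference order, or [] if absent."""
    for sp_type, _critical, body in iter_subpackets(area):
        if sp_type == PREF_SYM_SUBPACKET:
            return list(body)
    return []

def select_cipher(area, supported=ASSUMED_SUPPORTED):
    """First advertised algorithm that is supported, otherwise 3DES."""
    for algo in preferred_symmetric(area):
        if algo in supported:
            return SYM_ALGOS.get(algo, "id %d" % algo)
    return SYM_ALGOS[FALLBACK]

# Constructed sample hashed areas (not taken from real keys).
KEY_FLAGS = bytes([2, 27, 0x03])                      # key flags subpacket only
V4_STYLE = KEY_FLAGS + bytes([4, 11, 9, 2, 3])        # AES-256, 3DES, CAST5
UNSUPPORTED_ONLY = KEY_FLAGS + bytes([3, 11, 10, 4])  # Twofish, Blowfish
NO_PREFS = KEY_FLAGS                                  # no type 11 subpacket

if __name__ == "__main__":
    for name, area in [("v4", V4_STYLE), ("unsup", UNSUPPORTED_ONLY), ("none", NO_PREFS)]:
        print(name, preferred_symmetric(area), "->", select_cipher(area))
```

Running a check like this against a partner's public key before import shows whether files for that partner would end up encrypted with 3DES rather than a cipher the key advertises.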

Handling of preferred algorithms of OpenPGP keys created or imported prior to Diplomat Managed File Transfer v4.0 is as follows:

  • OpenPGP public keys created or imported by Diplomat v3.5 or earlier always use AES-256 or CAST5 when encrypting files.
  • Diplomat v4.0 or later continues to use the same AES-256 and CAST5 algorithms for encryption with any pre-existing OpenPGP keys. CAST5 is used when the "5.x/6.x Compatible" checkbox was checked during key creation or import. AES-256 is used when the "5.x/6.x Compatible" checkbox was NOT checked during key creation or import.

OpenPGP keys that were created by or imported using Diplomat v3.5 or earlier, and then exported using Diplomat v3.5 or earlier, do not have any preferred algorithms listed in the signature block of the exported OpenPGP key. Re-exporting these pre-existing keys using Diplomat v4.0 or later results in OpenPGP keys with signature blocks as follows:

  • Keys created by Diplomat v3.5 or earlier and exported using Diplomat v4.0 specify the same algorithm used by Diplomat for encryption (AES-256 or CAST5) as the preferred algorithm in the signature block.
  • Keys imported using Diplomat v3.5 or earlier and exported using Diplomat v4.0 specify the list of algorithms in the original key (pre-imported) as the preferred algorithms in the signature block.

The OpenPGP key screen in Diplomat v4.0 or later displays a Preferred Symmetric Algorithm(s) field in the master key panel. The Symmetric Algorithm fields in the subkey panels have been removed. All subkeys now use the same preferred symmetric algorithms as the master key.

Updated on February 19, 2020