encryption algorithm


When generating an RSA key, what encryption algorithm is used to encrypt the private key (when asked to enter a passphrase)?


I don’t understand the question. The passphrase is used with a random-number generator to generate the two large prime numbers needed to produce the RSA key-pair. Neither the public key nor the private key is itself encrypted. They are used to encrypt and decrypt the symmetric key required to encrypt and decrypt a message, which is usually done by AES or IDEA. Have a look at Wikipedia under RSA, and at the other references I gave you in answer to your other query.

Apologies - I do understand the question now, and I should expand on what I said in my last post. The passphrase is encrypted by hashing it and then using the hash to encrypt the private key. The hash algorithm will be either MD5 or one of the SHA algorithms. In my installation of GnuPG, the default preferences are set to MD5 first, then SHA1 (found from gpg --version). The private key is encrypted using a symmetric algorithm with the passphrase hash as key. From my GnuPG defaults, it looks as though IDEA is the default symmetric algorithm, followed by 3DES. You can change these defaults - see the GPG documentation. In the past I have set them up to be SHA256 and AES256.

In use, the private key is stored unencrypted in RAM, so you have to be sure that GPG is fully shut down after you finish using it, and that the PC does not hibernate while GPG is still running.

See this reference: