Do I have to use an IV when using GPG with AES 256?

Question

Do I have to use an IV when using GPG with AES 256? Or does GPG handle that for me?

I've noticed that I get different results each time I run the encryption, i.e.

gpg --symmetric --cipher-algo AES256 --armor test

But is this secure enough without an IV?

score 2 · Answer 1 · answered Dec 30 '14 at 03:21

I'm going to refer you to Thomas Pornin's answer to Will encrypting the same file with GPG and the same key produce the same ciphertext?, which is (as usual) really excellent.

It boils down to: Yes, there is a random IV and an additional random salt during the password to key transformation.

The relevant paragraph is:

The third point also applies when doing password-based encryption (encryption is done with a password, not with a recipient's public key). Password-based encryption also adds a fourth randomization, which is the salt in the password-to-key transform, 3.7.1.3.

Section number added by me from his quotation, link updated.

The third point is:

When doing the symmetric encryption itself, a random IV is used, and will be different (with overwhelming probability) for each invocation. See section 5.7 for details.

Link updated again.

Do I have to use an IV when using GPG with AES 256?

1 Answers1

Linked