From c43423f0bdf096970b304bf2154764e08d79347f Mon Sep 17 00:00:00 2001
From: Werner Koch
Date: Fri, 1 Apr 2005 09:03:15 +0000
Subject: [PATCH] (keygen_set_std_prefs): Explain the chosen order of AES key sizes.
---
 g10/keygen.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/g10/keygen.c b/g10/keygen.c
index 1f325ceb5..c238b07d2 100644
--- a/g10/keygen.c
+++ b/g10/keygen.c
@@ -325,7 +325,7 @@ keygen_set_std_prefs (const char *string,int personal)
 byte sym[MAX_PREFS], hash[MAX_PREFS], zip[MAX_PREFS];
 int nsym=0, nhash=0, nzip=0, val, rc=0;
 int mdc=1, modify=0; /* mdc defaults on, modify defaults off. */
- char dummy_string[45]; /* enough for 15 items */
+ char dummy_string[45+1]; /* Enough for 15 items. */
 if (!string || !ascii_strcasecmp (string, "default"))
 {
@@ -335,6 +335,18 @@ keygen_set_std_prefs (const char *string,int personal)
 {
 dummy_string[0]='\0';
+ /* The rationale why we use the order AES256,192,128 is for compatibility reasons with PGP. If gpg would define AES128 first, we would get the somewhat confusing situation: gpg -r pgpkey -r gpgkey ---gives--> AES256 gpg -r gpgkey -r pgpkey ---gives--> AES Note that by using --personal-cipher-preferences it is possible to prefer AES128. */
 /* Make sure we do not add more than 15 items here, as we could overflow the size of dummy_string. */
 if(!check_cipher_algo(CIPHER_ALGO_AES256))
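Review bot: The declaration `char dummy_string[45+1];` in the first hunk still depends on a hand-counted limit: the only guard against overrunning it is the comment kept as context in the second hunk ("Make sure we do not add more than 15 items here"), and no visible line checks the bound. The `+1` presumably reserves the terminating NUL for 15 three-character entries, so I would say that in the comment, e.g. `char dummy_string[45+1]; /* 15 items of 3 chars each, plus the NUL. */` (the per-item width is inferred from 45/15; confirm against the appends). The appends themselves sit below the last line shown, so a bounded append or an assertion on the running length there would be the stronger fix. keygen_set_std_prefs starts before and continues past both hunks.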