can algorithm preferences be changed?

Brian Warner warner at lothar.com
Sat Sep 19 19:33:47 CEST 1998


Howdy..

Instead of creating a new GPG key, I figured I would just import my PGP 5.0
key (since they use the same algorithms). PGP 5.0 doesn't provide a way to
export secret keys, and gpg appears unable to handle the secret-key protection
that pgp5.0 uses on secring.skr, so I had to use the following trick:

 use 'pgpk' to temporarily remove the passphrase on my pgp 5.0 key
 pgpk -xa warner |gpg --import
  (this imports the public key)
 gpg --armor --export-secret-keys --keyring ~/.pgp/pubring.pkr \
  --secret-keyring ~/.pgp/secring.skr warner |gpg --import
  (this imports the secret key)
 use 'pgpk' to replace the passphrase on the 5.0 key
 gpg --edit-key warner
  (to replace the passphrase on my gpg key)

Now I have an apparently fully functional key on my gpg secret key ring. But I
have a problem with the preferences. If I create a new gpg key, the algorithm
preferences get set as follows (displayed with 'gpg --edit-key warner;
prefs'):

Command> pref
pub  1024D/8170B9CE  created: 1998-09-19 expires: never      trust: -/u
(1)  Brian Warner (home) <warner at lothar.com>
     S4 S3 H3 H2 H6 H1 Z2 Z1

When I first imported the pgp5.0 key, I think it had a preference like:

Command> pref
pub  1024D/D139CC4C  created: 1998-04-25 expires: never      trust: -/q
(1)  Brian Warner <warner at lothar.com>
     S3 S1 S2

Now, after importing the 5.0 key I went to change the uid (to add the "home"
comment). To do this, I had to create a new uid then delete the old one. Now
the preferences have gone away completely:

Command> pref
pub  1024D/D139CC4C  created: 1998-04-25 expires: never      trust: f/u
(1)  Brian Warner (home) <warner at lothar.com>

Can the preferences be set or changed? (I assume they fundamentally can, but
there's just no interface for it yet). Specifically, does a signature on my
key include the preferences? If somebody signs my key, and then I change the
preferences, does that signature become invalid? I want to upload my key but
once there is a mechanism for it I intend to change the preferences to
match GPG's capabilities (twofish, etc), so I don't want to start getting it
signed if I know that I'll have to do it again once I change them.

Is the lack of preferences likely to cause any weird behavior? Reading over
the OpenPGP draft it looks like the sender will assume 3DES only, with ZIP
compression.

thanks,
 -Brian
  warner at lothar.com
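
The fallback raised in the last paragraph of the message above can be modelled as follows. This is an added example, not part of the original post and not GnuPG's code: it parses preference lines in the notation printed by `pref` and picks a cipher and compression method, using the defaults published in RFC 2440 (3DES tacitly at the end of every cipher list; ZIP then uncompressed when no compression preferences exist). The function names, the `LOCAL_SUPPORT` set and the "rank by the first recipient's order" policy are assumptions made for illustration.

```python
# Added example (constructed): simplified sender-side algorithm selection.
# Tokens follow gpg's "pref" display: S<n> cipher, H<n> hash, Z<n> compression.
IMPLICIT_CIPHER = "S2"               # 3DES, tacitly acceptable to every key
DEFAULT_COMPRESSION = ["Z1", "Z0"]   # ZIP, then uncompressed, when no Z prefs
# Assumption: what the sending implementation itself supports.
LOCAL_SUPPORT = {"S2", "S3", "S4", "Z0", "Z1", "Z2"}


def parse_prefs(line):
    """Split a pref line such as 'S4 S3 H3 Z2' into ordered lists per kind."""
    prefs = {"S": [], "H": [], "Z": []}
    for tok in line.split():
        kind, num = tok[0].upper(), tok[1:]
        if kind not in prefs or not num.isdigit():
            raise ValueError(f"unrecognised preference token: {tok!r}")
        if kind + num not in prefs[kind]:
            prefs[kind].append(kind + num)
    return prefs


def effective(line):
    """Apply the implicit defaults to one recipient's stated preferences."""
    prefs = parse_prefs(line)
    ciphers = prefs["S"] + [c for c in [IMPLICIT_CIPHER] if c not in prefs["S"]]
    comp = prefs["Z"] or list(DEFAULT_COMPRESSION)
    if "Z0" not in comp:
        comp = comp + ["Z0"]         # a sender may always skip compression
    return ciphers, comp


def first_common(ranked, others, local):
    """First entry of `ranked` that every other list and the sender accept."""
    for alg in ranked:
        if alg in local and all(alg in o for o in others):
            return alg
    raise ValueError("no algorithm acceptable to all recipients")


def choose(pref_lines, local=LOCAL_SUPPORT):
    """Return (cipher, compression) for a message to all listed recipients.
    Assumed policy: rank by the first recipient's order."""
    lists = [effective(line) for line in pref_lines]
    ciphers = [c for c, _ in lists]
    comps = [z for _, z in lists]
    return (first_common(ciphers[0], ciphers[1:], local),
            first_common(comps[0], comps[1:], local))


if __name__ == "__main__":
    for line in ["S4 S3 H3 H2 H6 H1 Z2 Z1", "S3 S1 S2", ""]:
        print(repr(line), "->", choose([line]))
```

The three lines in the demo are the preference displays quoted in the message; the empty one is the key after the uid was replaced, for which the model falls back to 3DES with ZIP.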




