How to enable a block cipher or hash algorithm for a keypair?

Robert J. Hansen rjh at sixdemonbag.org
Sun Nov 5 16:29:43 CET 2006


Crest da Zoltral wrote:
> I searched any documentation I found on the net about how to edit keys,
> but I didn't find a way to enable a different cipher or digest. With
> `gpg --edit-key $key_id showpref` it's only possible to view the
> preferences and `gpg --edit-key $key_id pref` seems only to print the
> prefs in a shorter, harder-to-read form. So how can I enable Twofish and
> SHA-512 (without overriding the preferences with --cipher-algo and
> --digest-algo)?

While Alphax gave you some good advice, it may also be unnecessary
advice or irrelevant advice.

You don't need to do anything, really, to enable a different cipher or
digest.  They're all enabled.  It isn't as if, should you receive
BLOWFISH-encrypted traffic, that you need to make sure your key is set
to read BLOWFISH.

The available algorithms--all of which are enabled--can be found just by
typing:

	gpg --version

For instance, I get:

	Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
	Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH
	Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224


... If what you want is to start using a different algorithm, a better
idea than using --cipher-algo and --digest-algo is to use the algorithm
preferences.  Try adding these two lines to gpg.conf:

	personal-cipher-preferences TWOFISH AES256 AES192 AES128 3DES
	personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160


... Also, you may want to consider whether you really want to start
using SHA512.  There's nothing wrong with it, but only very recent
versions of PGP understand it.  If interoperability is a concern, you're
much better off with SHA256, which is understood by PGP 8.1 and later.
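
Added example (not part of the original message, and not GnuPG's code): a simplified Python model of why the preference list is the safer route. The sender's list only chooses among ciphers that every recipient key advertises, with 3DES always available. The recipient preference lists and the AES128-to-AES alias are assumptions made for the illustration.

```python
# Simplified model of how a sender's personal-cipher-preferences interact
# with the preferences stored on recipients' keys. Not GnuPG source code.

IMPLICIT = "3DES"            # OpenPGP's mandatory cipher, always usable
ALIASES = {"AES128": "AES"}  # assumption: AES128 is another spelling of AES


def parse_prefs(line):
    """Parse a gpg.conf line such as 'personal-cipher-preferences A B C'."""
    option, *names = line.split()
    if option != "personal-cipher-preferences":
        raise ValueError("unexpected option: " + option)
    return [ALIASES.get(n.upper(), n.upper()) for n in names]


def usable_by_all(recipient_prefs):
    """Ciphers every recipient key advertises, plus the implicit 3DES."""
    common = None
    for prefs in recipient_prefs:
        names = {ALIASES.get(n.upper(), n.upper()) for n in prefs} | {IMPLICIT}
        common = names if common is None else common & names
    return common if common is not None else {IMPLICIT}


def select_cipher(personal, recipient_prefs):
    """First personal preference that all recipients can decrypt."""
    common = usable_by_all(recipient_prefs)
    for name in personal:
        if name in common:
            return name
    # Simplification: this model falls back to the mandatory cipher.
    return IMPLICIT


# Constructed sample data: the config line from the message and made-up keys.
CONF = "personal-cipher-preferences TWOFISH AES256 AES192 AES128 3DES"
ALICE = ["AES256", "TWOFISH", "CAST5"]   # hypothetical recipient key
BOB = ["AES", "CAST5"]                   # hypothetical older key
CAROL = ["CAST5", "BLOWFISH"]            # advertises nothing on our list

if __name__ == "__main__":
    mine = parse_prefs(CONF)
    for label, keys in [("alice", [ALICE]), ("alice+bob", [ALICE, BOB]),
                        ("carol", [CAROL])]:
        print(label, "->", select_cipher(mine, keys))
```

Forcing a cipher with --cipher-algo skips this intersection step, which is how a recipient can end up with a message their software cannot decrypt.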




