Changing the encryption algorithm used for PGP/GPG private key

Ingo Klöcker kloecker at kde.org
Fri Feb 18 09:55:39 CET 2022


On Montag, 14. Februar 2022 10:36:25 CET Daniel Colquitt via Gnupg-users 
wrote:
> I've read various tutorials and posts regarding changing the algorithm used 
to encrypt my private PGP keys. However, nothing I have tried seems to work. I 
am using gpg4win:
[...]
> My gpg.conf file located at
> C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is
> > personal-digest-preferences SHA512
> > cert-digest-algo SHA512
> > default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES
> > ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify personal-cipher-preferences
> > AES256 AES192 AES
> > s2k-mode 3
> > s2k-cipher-algo AES256
> > s2k-digest-algo SHA512
> > s2k-count 65011712
> > cipher-algo AES256

As far as I can tell `man gpg` does not claim that any of these settings 
influence the encryption of secret keys.

> > :secret key packet:
> >     ...
> >     iter+salt S2K, algo: 7, SHA1 protection, hash: 2,
> >     ...
> 
> This would seem to suggest that the key is still encrypted using AES128
> (algo 7) and a SHA1 hash.

Not sure about the encryption algo, but the usage of SHA-1 seems to be 
mandatory (unless one wants to use a completely insecure two-octet checksum):
https://datatracker.ietf.org/doc/html/rfc4880#section-5.5.3

Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220218/8164b356/attachment.sig>


More information about the Gnupg-users mailing list