preferred key/subkey for decryption
Werner Koch
wk at gnupg.org
Tue Dec 5 10:11:52 CET 2023
Hi!
On Tue, 5 Dec 2023 00:00, Maxime de Roucy said:
> On gnupg 2.4.3 the first subkey tried is the "local" one.
> I think that it's because the "local" subkey is rsa4096, which is more secure
> than rsa2048 (the yubikey subkey).
No, there is such logic.
> I found --personal-cipher-preferences, --personal-digest-preferences and
> --personal-compress-preferences but as both subkeys are RSA… it doesn't help.
That does not help with decryption. In general this problem shows up if
you receive a lot of mails using anonymous recipients
(--throw-keyids) and gpg asks you to insert all your cards one after the
other. We have this TODO item in the code:
/* FIXME: The list needs to be sorted so that we try the keys in
* an appropriate order. For example:
* - On-disk keys w/o protection
* - On-disk keys with a cached passphrase
* - On-card keys of an active card
* - On-disk keys with protection
* - On-card keys from cards which are not plugged in. Here a
* cancel-all button should stop asking for other cards.
* Without any anonymous keys the sorting can be skipped.
*/
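To make the ordering sketched in that FIXME concrete, here is a small Python model of it. This is an added example, not GnuPG code: the ranks follow the bullet order of the comment, the key records are constructed samples, and the rule that sorting is skipped without anonymous recipients is taken from the last line of the comment.

```python
"""Model of the candidate-key ordering proposed in the FIXME above.

Added example; this is not GnuPG code. The five ranks are the five bullets
of the comment, in order. Lower rank is tried first, so keys that need no
interaction come first and keys on cards that are not inserted come last,
which is where a 'cancel-all' prompt would sit.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class CandidateKey:
    keygrip: str                  # constructed sample label, not a real keygrip
    on_card: bool                 # key lives on a smartcard / token
    card_inserted: bool = False   # only meaningful when on_card is True
    protected: bool = True        # on-disk key has a passphrase
    passphrase_cached: bool = False


def rank(key: CandidateKey) -> int:
    """Rank a decryption candidate following the FIXME's bullet order."""
    if not key.on_card:
        if not key.protected:
            return 0              # on-disk keys w/o protection
        if key.passphrase_cached:
            return 1              # on-disk keys with a cached passphrase
        return 3                  # on-disk keys with protection
    if key.card_inserted:
        return 2                  # on-card keys of an active card
    return 4                      # on-card keys from cards not plugged in


def order_candidates(keys, anonymous_recipients=True):
    """Return the candidates in the order they should be tried.

    With ordinary (non-anonymous) recipients the key ID in the PKESK packet
    already names the one key to use, so the comment says sorting can be
    skipped; with --throw-keyids every candidate may have to be tried.
    sorted() is stable, so keys with equal rank keep their input order.
    """
    if not anonymous_recipients:
        return list(keys)
    return sorted(keys, key=rank)


def absent_cards(keys):
    """Keygrips whose card is not inserted, in try order: each of these is a
    point where gpg would have to ask for a card (the 'cancel-all' spot)."""
    return [k.keygrip for k in order_candidates(keys)
            if k.on_card and not k.card_inserted]


# Constructed sample: two on-disk subkeys, one inserted card, one absent card.
SAMPLE_KEYS = [
    CandidateKey("card-yubikey", on_card=True, card_inserted=False),
    CandidateKey("disk-local", on_card=False, protected=True),
    CandidateKey("disk-cached", on_card=False, protected=True, passphrase_cached=True),
    CandidateKey("card-active", on_card=True, card_inserted=True),
    CandidateKey("disk-plain", on_card=False, protected=False),
]


def sample_order():
    """Keygrips of SAMPLE_KEYS in try order."""
    return [k.keygrip for k in order_candidates(SAMPLE_KEYS)]


if __name__ == "__main__":
    for grip in sample_order():
        print(grip)
    print("cards that would be prompted for:", absent_cards(SAMPLE_KEYS))
```

With the sample set, the unprotected on-disk key is tried first and the absent YubiKey last, so a message decryptable by any earlier candidate never triggers a card prompt.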
Your use case is very similar and such a sorting would also be helpful.
Another way to implement this might be by using a similar thing to what
we allow for ssh-keys (see gnupg/agent/keyformat.txt) in the private
key files:
*** Use-for-ssh
If given and the value is "yes" or "1" the key is allowed for use by
gpg-agent's ssh-agent implementation. This is thus the same as
putting the keygrip into the 'sshcontrol' file. Only one such item
should exist. If another non-zero value between 1 and 99999 is used,
this is taken to establish the order in which the keys are returned to
ssh; lower numbers are returned first. If a negative value is used
this overrides currently active (inserted) cards and thus allows to
prefer on-disk keys over inserted cards. A value of -1 has the
highest priority; values are capped at -999 and have a lower priority
but still above the positive values, inserted cards or the order in
sshcontrol.
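The Use-for-ssh ordering rules above are easy to misread, so here is a Python model of them. This is an added example, not gpg-agent's code: it parses the Use-for-ssh value of each private-key record and orders the records as the keyformat.txt text describes. The record layout and the keygrip labels are constructed; the placement of inserted cards after the negative values but before the positive ones, and of sshcontrol entries last, is an assumption drawn from "this overrides currently active (inserted) cards" and from the final sentence.

```python
"""Model of the Use-for-ssh priority rules quoted from keyformat.txt.

Added example, not gpg-agent code. Assumptions: an inserted card ranks
after negative values and before positive ones; keys known only through
sshcontrol come last in sshcontrol order; positive values above 99999
are capped at 99999 (the text only specifies 1..99999).
"""


def parse_use_for_ssh(value):
    """Turn a Use-for-ssh value into a priority, or None if not ssh-enabled.

    'yes' and '1' both mean plain enablement (priority 1). Other integers
    give an explicit order; negative values are capped at -999 as the text
    says; 0 and non-numeric values such as 'no' disable the key for ssh.
    """
    v = (value or "").strip().lower()
    if v in ("yes", "1"):
        return 1
    try:
        n = int(v)
    except ValueError:
        return None
    if n == 0:
        return None
    if n < 0:
        return max(n, -999)          # "values are capped at -999"
    return min(n, 99999)             # assumption: cap out-of-range positives


def ssh_sort_key(record):
    """Sort key for one private-key record, or None if ssh never sees it.

    Tuples compare lexicographically, so the first element is the tier:
      0: negative Use-for-ssh  (-1 first, -999 last)
      1: key on an inserted card
      2: positive Use-for-ssh  (lower numbers first)
      3: listed in sshcontrol  (file order)
    """
    pri = parse_use_for_ssh(record.get("use_for_ssh"))
    if pri is not None and pri < 0:
        return (0, -pri)
    if record.get("on_inserted_card"):
        return (1, 0)
    if pri is not None:
        return (2, pri)
    if record.get("sshcontrol_index") is not None:
        return (3, record["sshcontrol_index"])
    return None


def keys_for_ssh(records):
    """Keygrips in the order gpg-agent's ssh-agent would hand them out."""
    ranked = [(ssh_sort_key(r), r["keygrip"]) for r in records]
    return [grip for key, grip in sorted(k for k in ranked if k[0] is not None)]


# Constructed sample records (labels only, not real keygrips).
SAMPLE_RECORDS = [
    {"keygrip": "grip-A", "use_for_ssh": "5"},
    {"keygrip": "grip-B", "use_for_ssh": "-1"},
    {"keygrip": "grip-C", "on_inserted_card": True},
    {"keygrip": "grip-D", "use_for_ssh": "yes"},
    {"keygrip": "grip-E", "sshcontrol_index": 0},
    {"keygrip": "grip-F", "use_for_ssh": "-5000"},   # capped to -999
    {"keygrip": "grip-G", "use_for_ssh": "no"},      # never offered to ssh
]


if __name__ == "__main__":
    print(keys_for_ssh(SAMPLE_RECORDS))
```

The practical point for the decryption problem in this thread is the negative tier: a value of -1 on the on-disk key is the only way, under these rules, to be tried ahead of a card that happens to be inserted.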
Sorry for not having a better answer.
> (reminder: all subkeys are derived from the same primary key).
Sure that you derived them? What we do is to bind subkeys to a primary
key and then the sender selects the latest valid subkey for encryption.
Salam-Shalom,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein