When reading <https://alexcabal.com/creating-the-perfect-gpg-keypair/>, which advises using gpg --edit-key and setpref to choose "better" algorithms, I told myself, "Why risk forgetting the right command line when you can simply use the configuration file?" So, I put this in ~/.gnupg/gpg.conf:

    # SHA1 by default
    cert-digest-algo SHA256
    # Crypto preferences
    personal-cipher-preferences AES256 AES192 AES128
    personal-digest-preferences SHA512 SHA384 SHA256 SHA224
    personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed

And generated a key, with two UIDs. But it seems the preferences in personal-*-preferences have been completely ignored:

    gpg> showpref
    [ultimate] (1). Stéphane Bortzmeyer (Main ID) <steph...@bortzmeyer.org>
         Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
         Digest: SHA256, SHA1, SHA384, SHA512, SHA224
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify
    [ultimate] (2)  Stéphane Bortzmeyer (Work) <bortzme...@nic.fr>
         Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
         Digest: SHA256, SHA1, SHA384, SHA512, SHA224
         Compression: ZLIB, BZIP2, ZIP, Uncompressed
         Features: MDC, Keyserver no-modify

Why is it so?

    % gpg --version
    gpg (GnuPG) 2.0.22
    libgcrypt 1.6.1
    Copyright (C) 2013 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
    This is free software: you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    Home: ~/.gnupg
    Supported algorithms:
    Pubkey: RSA, ELG, DSA, ECC, ?
    Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
            CAMELLIA128, CAMELLIA192, CAMELLIA256
    Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
    Compression: Uncompressed, ZIP, ZLIB, BZIP2
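
A check for the mismatch described in this message, added here as an example and not part of the original post: it parses the personal-*-preferences lines and the showpref text (embedded as constructed copies with a placeholder user ID) and reports which lists stored in the key differ from the configured ones. Treating showpref's "AES" as AES128, and accepting 3DES, SHA1 and Uncompressed as an implicit last entry, are assumptions of this script.

```python
import re

# Constructed copies of the gpg.conf lines and showpref output quoted in the post.
GPG_CONF = """\
cert-digest-algo SHA256
personal-cipher-preferences AES256 AES192 AES128
personal-digest-preferences SHA512 SHA384 SHA256 SHA224
personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
"""
SHOWPREF = """\
[ultimate] (1). Example User <user@example.org>
     Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA
     Digest: SHA256, SHA1, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
"""
SHOWN = {"Cipher": "cipher", "Digest": "digest", "Compression": "compress"}
ALIASES = {"AES": "AES128"}  # assumption: showpref prints AES128 as "AES"
# Assumption: these are implicitly last in any OpenPGP preference list (RFC 4880).
IMPLICIT = {"cipher": "3DES", "digest": "SHA1", "compress": "UNCOMPRESSED"}

def norm(names):
    return [ALIASES.get(s, s) for s in (n.strip().upper() for n in names)]

def conf_prefs(text):
    """Map kind -> ordered list taken from personal-<kind>-preferences lines."""
    out = {}
    for line in text.splitlines():
        m = re.match(r"\s*personal-(cipher|digest|compress)-preferences\s+(.+)", line)
        if m:
            out[m.group(1)] = norm(m.group(2).split())
    return out

def key_prefs(text):
    """Return one dict per user ID: kind -> ordered list stored in the key."""
    uids = []
    for line in text.splitlines():
        label, _, value = line.strip().partition(":")
        if label.startswith("["):          # "[ultimate] (1). ..." starts a user ID
            uids.append({})
        elif uids and label in SHOWN:
            uids[-1][SHOWN[label]] = norm(value.split(","))
    return uids

def mismatches(conf, uid):
    """Kinds whose stored list is not the configured list (implicit tail allowed)."""
    return sorted(k for k, w in conf.items() if uid.get(k) not in (w, w + [IMPLICIT[k]]))

if __name__ == "__main__":
    print([mismatches(conf_prefs(GPG_CONF), u) for u in key_prefs(SHOWPREF)])
```

In GnuPG the list written into a newly generated key comes from default-preference-list (or is changed later with setpref); the personal-*-preferences options steer which algorithm gpg picks when it encrypts or signs.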