On Sun, Feb 9, 2014 at 2:39 PM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> When reading
> <https://alexcabal.com/creating-the-perfect-gpg-keypair/>, which
> advises using gpg --edit-key and setpref to choose "better"
> algorithms, I told myself "Why risk forgetting the right
> command-line when you can simply use the configuration file?" So, I
> put this in ~/.gnupg/gpg.conf :
>
> # SHA1 by default
> cert-digest-algo SHA256
> # Crypto preferences
> personal-cipher-preferences  AES256 AES192 AES128
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> personal-compress-preferences  ZLIB BZIP2 ZIP Uncompressed
>
> And generated a key, with two UIDs. But it seems the preferences in
> personal-*-preferences have been completely ignored:

That's because the personal-*-preferences don't change the preferences
in the key itself. They merely change the order of ciphers, hashes,
and compression methods that you prefer when communicating with others
(so long as you both support those algorithms).

According to 
http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoteric-Options.html
you'll want to use "default-preference-list" followed by the list of
preferences for your key. For example, putting
"default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
CAST5 ZLIB BZIP2 ZIP Uncompressed" in your gpg.conf file and then
generating a new key (or running "edit-key KEYID", "setpref" with an
empty string for the preferences, and "save" on an existing key) will
set the key preferences to that string.

Cheers!
-Pete

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
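
To confirm that a key really carries the list given to default-preference-list, the following added example (not part of the original thread) compares that list with the compact "S9 S8 ... H10 ... Z2 ..." string that the edit-key "pref" command prints for a UID. The function names and sample strings are constructed for illustration; algorithm numbers are the OpenPGP IDs from RFC 4880, and treating 3DES, SHA1 and Uncompressed as implicitly last when omitted is an assumption of this sketch.

```python
# Added example: compare an intended default-preference-list with the compact
# preference string shown by gpg's edit-key "pref" command for a UID.
# Algorithm IDs are the OpenPGP numbers from RFC 4880, section 9.

CIPHERS = {"IDEA": 1, "3DES": 2, "CAST5": 3, "BLOWFISH": 4, "AES": 7,
           "AES128": 7, "AES192": 8, "AES256": 9, "TWOFISH": 10}
DIGESTS = {"MD5": 1, "SHA1": 2, "RIPEMD160": 3, "SHA256": 8,
           "SHA384": 9, "SHA512": 10, "SHA224": 11}
COMPRESS = {"UNCOMPRESSED": 0, "ZIP": 1, "ZLIB": 2, "BZIP2": 3}
TABLES = {"S": CIPHERS, "H": DIGESTS, "Z": COMPRESS}
# Assumption: the mandatory algorithms (3DES, SHA1, Uncompressed) count as
# tacitly last in a list that omits them.
IMPLICIT = {"S": 2, "H": 2, "Z": 0}


def _with_implicit(prefs):
    """Append the implicit algorithm to each list that does not name it."""
    return {k: ids if IMPLICIT[k] in ids else ids + [IMPLICIT[k]]
            for k, ids in prefs.items()}


def parse_named(pref_list):
    """Parse names as written after default-preference-list in gpg.conf."""
    prefs = {"S": [], "H": [], "Z": []}
    for token in pref_list.split():
        for kind, table in TABLES.items():
            if token.upper() in table:
                prefs[kind].append(table[token.upper()])
                break
        else:
            raise ValueError(f"unknown algorithm name: {token}")
    return _with_implicit(prefs)


def parse_compact(pref_line):
    """Parse the S<n> H<n> Z<n> form; bracketed flags like [mdc] are skipped."""
    prefs = {"S": [], "H": [], "Z": []}
    for token in pref_line.split():
        if token[0] in prefs and token[1:].isdigit():
            prefs[token[0]].append(int(token[1:]))
    return _with_implicit(prefs)


def mismatches(intended, on_key):
    """Return the kinds (S, H, Z) whose ordered preference lists differ."""
    want, have = parse_named(intended), parse_compact(on_key)
    return [kind for kind in "SHZ" if want[kind] != have[kind]]
```

An empty result from mismatches() means the key's cipher, digest and compression orderings all match the intended list; a non-empty result names the categories where the key still carries other preferences.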
