On Sun, Feb 9, 2014 at 2:39 PM, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> When reading
> <https://alexcabal.com/creating-the-perfect-gpg-keypair/>, which
> advises to use gpg --edit-key and setpref to choose "better"
> algorithms, I told myself "Why risk forgetting the right
> command-line when you can simply use the configuration file?" So, I
> put this in ~/.gnupg/gpg.conf :
>
> # SHA1 by default
> cert-digest-algo SHA256
> # Crypto preferences
> personal-cipher-preferences AES256 AES192 AES128
> personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
>
> And generated a key, with two UIDs. But it seems the preferences in
> personal-*-preferences have been completely ignored:

That's because the personal-*-preferences don't change the preferences
in the key itself. They merely change the order of ciphers, hashes,
and compression methods that you prefer when communicating with others
(so long as you both support those algorithms).

According to
http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoteric-Options.html
you'll want to use "default-preference-list" followed by the list of
preferences for your key.

For example, putting "default-preference-list SHA512 SHA384 SHA256
SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed" in your
gpg.conf file and then generating a new key (or running "edit-key
KEYID", "setpref" with an empty string for the preferences, and "save"
on an existing key) will set the key preferences to that string.

Cheers!
-Pete
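
Added example (not part of the original message and not GnuPG's own code): a check that the preference list really landed in the key, by decoding the preference subpackets of each user ID self-signature. It assumes the input is the text printed by "gpg --export KEYID | gpg --list-packets"; the sample packets, the key ID and the function names key_preferences and mismatches are constructed for illustration.

```python
import re

# OpenPGP algorithm IDs (RFC 4880, section 9), named as gpg spells them.
SYM = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "BLOWFISH", 7: "AES", 8: "AES192", 9: "AES256", 10: "TWOFISH"}
HASH = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224"}
ZIP = {0: "Uncompressed", 1: "ZIP", 2: "ZLIB", 3: "BZIP2"}
TABLES = {"pref-sym-algos": SYM, "pref-hash-algos": HASH, "pref-zip-algos": ZIP}
PREF_RE = re.compile(r"\((pref-(?:sym|hash|zip)-algos): ([\d ]+)\)")

# The default-preference-list string from the reply above, split by algorithm type.
WANTED = {
    "pref-sym-algos": ["AES256", "AES192", "AES", "CAST5"],
    "pref-hash-algos": ["SHA512", "SHA384", "SHA256", "SHA224"],
    "pref-zip-algos": ["ZLIB", "BZIP2", "ZIP", "Uncompressed"],
}

# Constructed sample: two self-signatures (one per UID); only the first has the wanted order.
SAMPLE = """\
:signature packet: algo 1, keyid 0123456789ABCDEF
    hashed subpkt 11 len 4 (pref-sym-algos: 9 8 7 3)
    hashed subpkt 21 len 4 (pref-hash-algos: 10 9 8 11)
    hashed subpkt 22 len 4 (pref-zip-algos: 2 3 1 0)
:signature packet: algo 1, keyid 0123456789ABCDEF
    hashed subpkt 11 len 5 (pref-sym-algos: 9 8 7 3 2)
    hashed subpkt 21 len 5 (pref-hash-algos: 8 2 9 10 11)
    hashed subpkt 22 len 3 (pref-zip-algos: 2 3 1)
"""

def key_preferences(list_packets_text):
    """Return one {subpacket: [algorithm names]} dict per signature that carries preferences."""
    sigs, current = [], None
    for line in list_packets_text.splitlines():
        if line.startswith(":signature packet:"):
            current = {}
            sigs.append(current)
        m = PREF_RE.search(line)
        if m and current is not None:
            table = TABLES[m.group(1)]
            current[m.group(1)] = [table.get(int(n), "unknown(%s)" % n) for n in m.group(2).split()]
    return [s for s in sigs if s]

def mismatches(prefs, wanted):
    """Return {subpacket: (found, wanted)} for every preference list that differs in content or order."""
    return {k: (prefs.get(k), v) for k, v in wanted.items() if prefs.get(k) != v}

if __name__ == "__main__":
    for i, prefs in enumerate(key_preferences(SAMPLE), 1):
        print("self-signature %d:" % i, mismatches(prefs, WANTED) or "matches wanted list")
```

Each UID carries its own self-signature, so a key with two UIDs has two sets of preferences to check.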