Hello,

beware of compatibility issues... Older versions of Debian (< sarge) don't support SHA512, AFAIK. Many Smartcards are limited to key size <= 3072 bit, AFAIK. RSA signatures are larger than DSA signatures, even if same bit size.

So, what are the most useful cross-over compatibility settings for new, secure keys?

Regards, @g.

> -----Original Message-----
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On Behalf Of Robin Mathew Rajan
> Sent: Tuesday, November 25, 2014 8:44 PM
> To: Robert J. Hansen; gnupg-users@gnupg.org
> Subject: Re: Setpref is not working or is it a bug or something?
>
> No bro. You got me wrong. :(
>
> I referred these two manuals before I made the change in gpg.conf.
>
> 1) https://www.gnupg.org/documentation/manuals/gnupg/GPG-Esoteric-Options.html
>
> "--default-preference-list string
> Set the list of default preferences to string. This preference list is
> used for new keys and becomes the default for "setpref" in the edit menu."
>
> 2) http://www.gossamer-threads.com/lists/gnupg/users/51697
>
> "Re: Difference between setpref and options in the configuration [In reply to]
> On Sun, Feb 9, 2014 at 2:39 PM, Stephane Bortzmeyer <bortzmeyer [at] nic> wrote:
> > When reading
> > <https://alexcabal.com/creating-the-perfect-gpg-keypair/>, which
> > advises to use gpg --edit-key and setpref to choose "better"
> > algorithms, I told myself "Why risking forgetting the right
> > command-line when you can simply use the configuration file?" So, I
> > put this in ~/.gnupg/gpg.conf :
> >
> > # SHA1 by default
> > cert-digest-algo SHA256
> > # Crypto preferences
> > personal-cipher-preferences AES256 AES192 AES128
> > personal-digest-preferences SHA512 SHA384 SHA256 SHA224
> > personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed
> >
> > And generated a key, with two UID. But it seems the preferences in
> > personal-*-preferences have been completely ignored:
>
> That's because the personal-*-preferences don't change the preferences
> in the key itself. They merely change the order of ciphers, hashes,
> and compression methods that you prefer when communicating with others
> (so long as you both support those algorithms).
>
> According to http://www.gnupg.org/documentation/manuals/gnupg-devel/GPG-Esoteric-Options.html
> you'll want to use "default-preference-list" followed by the list of
> preferences for your key. For example, putting
> "default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
> CAST5 ZLIB BZIP2 ZIP Uncompressed" in your gpg.conf file and then
> generating a new key (or running "edit-key KEYID", "setpref" with an
> empty string for the preferences, and "save" on an existing key) will
> set the key preferences to that string.
>
> Cheers!
> -Pete"
>
> Those are the two manuals I mainly referred before editing the gpg.conf.
>
> The backup file was made after the changes made in the key. It's not made
> before I edited the gpg.conf and used setpref. The backup file is made
> after I used the setpref option.
>
> And that's why I'm confused about it. Even though the backup file was made
> after the changes made in the key, why the properties set by setpref are
> not included in the key? I'm confused. :(
>
>
>
> On 25-11-2014 PM 08:23, Robert J. Hansen wrote:
> >> Why this happening and what is the solution to it?
> >
> > The preferences list in gpg.conf are your preferences for what you use
> > for the mail you compose to others; the preferences list on your key are
> > your preferences for what you'd like other people to use for the mail
> > they compose to you.
> >
> > They represent two different things, which you seem to have conflated
> > together. I think this will resolve a good half of your questions.
> >
> > The other half can be resolved by asking this question: "When I changed
> > my key preferences, then deleted the key, and restored it from a backup
> > I made before I changed my key preferences, how could the backup know
> > about the changes I made *after* I made the backup?"
> >
> > :)
>
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users@gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gnupg-users
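
The distinction drawn in the quoted thread (gpg.conf personal-*-preferences order what the sender picks, while the preferences stored on a key say what that key's owner accepts), as an added example that is not part of the original messages and is not GnuPG's code. It is a simplified model: the function names and sample lists are constructed for illustration, and the fallback used when no personal preference matches is an assumption of the model.

```python
# Simplified model, not GnuPG source code. Algorithm names follow the thread.
IMPLICIT_CIPHER = "3DES"  # RFC 4880: tacitly last in every key's cipher list


def usable_ciphers(recipient_key_prefs):
    """Ciphers advertised by every recipient key (set by setpref or
    default-preference-list at key creation), plus the implicit 3DES."""
    common = {IMPLICIT_CIPHER}
    for i, prefs in enumerate(recipient_key_prefs):
        advertised = set(prefs) | {IMPLICIT_CIPHER}
        common = advertised if i == 0 else common & advertised
    return common


def choose_cipher(personal_prefs, recipient_key_prefs):
    """Cipher for one outgoing message.

    personal_prefs: sender's personal-cipher-preferences from gpg.conf.
    recipient_key_prefs: one cipher list per recipient key.
    """
    common = usable_ciphers(recipient_key_prefs)
    # The sender's order wins, but only among ciphers every key accepts.
    for algo in personal_prefs:
        if algo in common:
            return algo
    # Assumption of this model: otherwise follow the first recipient's
    # order. GnuPG's own selection logic is more involved.
    first = recipient_key_prefs[0] if recipient_key_prefs else []
    for algo in first:
        if algo in common:
            return algo
    return IMPLICIT_CIPHER


# Constructed sample data.
SENDER_CONF = ["AES256", "AES192", "AES"]       # personal-cipher-preferences
NEW_KEY = ["AES256", "AES192", "AES", "CAST5"]  # prefs stored on a key
OLD_KEY = ["CAST5"]                             # key that lists only CAST5

if __name__ == "__main__":
    print(choose_cipher(SENDER_CONF, [NEW_KEY]))
    print(choose_cipher(SENDER_CONF, [NEW_KEY, OLD_KEY]))
    print(choose_cipher(["CAST5", "AES256"], [NEW_KEY]))
```

Adding a recipient whose key advertises fewer algorithms narrows the choice for the whole message, which is the compatibility concern raised at the top of this reply.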