On 23/01/17 11:22, Peter Lebbing wrote: > It's close to what you're talking about, but not exactly. That is > specifically about *exporting* an OpenPGP secret key, not how it is > *stored* in your keyring. The protection on private-keys-v1.d is > implemented differently than the protection of the OpenPGP standard > which is used for export.
Ok, so - if I understand you correctly - when I *export* the secret key I can choose which algorithms are applied to the exported copy ? So I tried: $ gpg --export-secret-key my-key | gpg --list-packets | grep S2K gnu-dummy S2K, algo: 0, simple checksum, hash: 0 iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ... iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ... (I presume the first line is like that because the primary secret isn't in my ring) Then: $ gpg --export-secret-key --s2k-cipher-algo AES256 --s2k-digest-algo SHA512 my-key | gpg --list-packets | grep S2K gnu-dummy S2K, algo: 0, simple checksum, hash: 0 iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ... iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: ... Surely I would expect it to look like iter+salt S2K, algo: 9, SHA512 protection, hash: 10, salt: ... Thanks. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users