On 23/01/17 11:01, John Lane wrote:
> I've been reading about symmetric encryption of the private key.
>
> When I tried to experiment with the `--s2k` options, attempting to
> change the passphrase on my key, I found that they were ignored.

GnuPG 2.1 handles the private key in a completely different manner than
earlier versions. I couldn't find any other configurable things than the
s2k-count. Look at the difference between the man page for 2.1.16 and
1.4.18:

1.4.18:
> --s2k-cipher-algo name
>        Use name as the cipher algorithm used to protect secret keys.
>        The default cipher is CAST5. This cipher is also used for
>        conventional encryption if --personal-cipher-preferences and
>        --cipher-algo is not given.

2.1.16:
> --s2k-cipher-algo name
>        Use name as the cipher algorithm for symmetric encryption with a
>        passphrase if --personal-cipher-preferences and --cipher-algo are
>        not given. The default is AES-128.

> A brief
> search identified issue 1800 [1] on the bug tracker which was last
> updated in 2015, some 20 months ago.

It's close to what you're talking about, but not exactly. That is
specifically about *exporting* an OpenPGP secret key, not how it is
*stored* in your keyring. The protection on private-keys-v1.d is
implemented differently than the protection of the OpenPGP standard
which is used for export.

HTH,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>