On Montag, 14. Februar 2022 10:36:25 CET Daniel Colquitt via Gnupg-users wrote: > I've read various tutorials and posts regarding changing the algorithm used to encrypt my private PGP keys. However, nothing I have tried seems to work. I am using gpg4win: [...] > My gpg.conf file located at > C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is > > personal-digest-preferences SHA512 > > cert-digest-algo SHA512 > > default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES > > ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify personal-cipher-preferences > > AES256 AES192 AES > > s2k-mode 3 > > s2k-cipher-algo AES256 > > s2k-digest-algo SHA512 > > s2k-count 65011712 > > cipher-algo AES256
As far as I can tell `man gpg` does not claim that any of these settings influence the encryption of secret keys. > > :secret key packet: > > ... > > iter+salt S2K, algo: 7, SHA1 protection, hash: 2, > > ... > > This would seem to suggest that the key is still encrypted using AES128 > (algo 7) and a SHA1 hash. Not sure about the encryption algo, but the usage of SHA-1 seems to be mandatory (unless one wants to use a completely insecure two-octet checksum): https://datatracker.ietf.org/doc/html/rfc4880#section-5.5.3 Regards, Ingo
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
