On Thu, Aug 31, 2006 at 03:20:12AM +0200, Philipp Gühring wrote: > Hi, > > I imported a DSA-1024-160 testkey into GnuPG, and got the following message: > > gpg --homedir work/696/ --import work/696/request.key > Set preference list to: > Cipher: AES256, AES192, AES, CAST5, 3DES > Digest: SHA1, SHA256, RIPEMD160 > Compression: ZLIB, BZIP2, ZIP, Uncompressed > Features: MDC, Keyserver no-modify > Really update the preferences? (y/N) > > I am a bit puzzled that importing a key makes gnupg ask me, whether > I want to update my preferences ...
Any time you import a key, GnuPG will check to see if the key is advertising preferences that GnuPG can't fulfil. If you don't update the preferences to match reality, you can receive messages that you won't be able to decrypt. > I have the feeling that this could be a security risk, if it changed the > preferences in an insecure way ... This does not parse. Do you have some reason to believe the preference system is insecure? If so, please state it directly. > Why doesn´t it show the previous settings, so that I know what it actually > changes? It does. Are you piping the GPG output somewhere and missing it? The full message printed would be something like: gpg: WARNING: key XXXXXXXX contains preferences for unavailable gpg: algorithms on these user IDs: gpg: "whatever": preference for cipher algorithm AES gpg: it is strongly suggested that you update your preferences and gpg: re-distribute this key to avoid potential algorithm mismatch problems David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
