RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread vedaal via Gnupg-users 


On 2/18/2022 at 3:12 AM, "Daniel Colquitt via Gnupg-users"  wrote:Just
to follow up that this isn't a gpgwin problem. I have a Debian
installation and generated a test key using GnuPG and the same
gpg.conf file

=

Try this:
In gpg.conf file add the option of
--expert
and in personal preferences, list only AES 256,
Not the other strengths. 
Keep all of the s2k options you listed, and try generating a new key
again
Vedaal ___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Daniel Colquitt via Gnupg-users 
Thanks for responding, Ingo.

> As far as I can tell `man gpg` does not claim that any of these settings
> influence the encryption of secret keys.

According to the
manual, the --s2k-* flags control the algorithm used
for symmetric encryption  if the --personal-cipher-preferences flag isn't
set.

Is the suggestion the gpg does not respect these flags when applying
symmetric encryption to keys?

Dan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Ingo Klöcker 
On Montag, 14. Februar 2022 10:36:25 CET Daniel Colquitt via Gnupg-users 
wrote:
> I've read various tutorials and posts regarding changing the algorithm used 
to encrypt my private PGP keys. However, nothing I have tried seems to work. I 
am using gpg4win:
[...]
> My gpg.conf file located at
> C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is
> > personal-digest-preferences SHA512
> > cert-digest-algo SHA512
> > default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES
> > ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify personal-cipher-preferences
> > AES256 AES192 AES
> > s2k-mode 3
> > s2k-cipher-algo AES256
> > s2k-digest-algo SHA512
> > s2k-count 65011712
> > cipher-algo AES256

As far as I can tell `man gpg` does not claim that any of these settings 
influence the encryption of secret keys.

> > :secret key packet:
> > ...
> > iter+salt S2K, algo: 7, SHA1 protection, hash: 2,
> > ...
> 
> This would seem to suggest that the key is still encrypted using AES128
> (algo 7) and a SHA1 hash.

Not sure about the encryption algo, but the usage of SHA-1 seems to be 
mandatory (unless one wants to use a completely insecure two-octet checksum):
https://datatracker.ietf.org/doc/html/rfc4880#section-5.5.3

Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Daniel Colquitt via Gnupg-users 
Just to follow up that this isn't a gpgwin problem. I have a Debian 
installation and generated a test key using GnuPG and the same gpg.conf file. 
Here is the output

> gpg --list-packets test.key
> # off=0 ctb=95 tag=5 hlen=3 plen=1862
> :secret key packet:
>version 4, algo 1, created 1645171018, expires 0
>pkey[0]: [4096 bits]
>pkey[1]: [17 bits]
>iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 
> 618B50CF0281AD75
>protect count: 23068672 (230)
>protect IV:  74 02 5e e0 92 12 8a 5e 53 aa 17 4a 40 e0 7e 8d
>skey[2]: [v4 protected]
>keyid: 45A023416F46CE6E

I have verified that gpg reads the gpg.conf file and understands it.

Any help would be very much appreciated.

Yours,
Dan



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users