Re: Changing the encryption algorithm used for PGP/GPG private key

2022-02-19 Thread Daniel Colquitt via Gnupg-users 
Hi Vedaal,

> Try this:
> In gpg.conf file add the option of
> --expert
> and in personal preferences, list only AES 256,
> Not the other strengths. 
> Keep all of the s2k options you listed, and try generating a new key again
> Vedaal 

Many thanks for the suggestion, but I’m afraid that this still does not work 
for me.

It seems the gnupg ignores all s2k and cipher preference flags when encrypting 
private keys. If this is indeed the intended behaviour (although I have no idea 
why it should be), perhaps it would a good idea to add a warning to the man 
pages?

Dan___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread vedaal via Gnupg-users 


On 2/18/2022 at 3:12 AM, "Daniel Colquitt via Gnupg-users"  wrote:Just
to follow up that this isn't a gpgwin problem. I have a Debian
installation and generated a test key using GnuPG and the same
gpg.conf file

=

Try this:
In gpg.conf file add the option of
--expert
and in personal preferences, list only AES 256,
Not the other strengths. 
Keep all of the s2k options you listed, and try generating a new key
again
Vedaal ___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Daniel Colquitt via Gnupg-users 
Thanks for responding, Ingo.

> As far as I can tell `man gpg` does not claim that any of these settings
> influence the encryption of secret keys.

According to the
manual, the --s2k-* flags control the algorithm used
for symmetric encryption  if the --personal-cipher-preferences flag isn't
set.

Is the suggestion the gpg does not respect these flags when applying
symmetric encryption to keys?

Dan

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Ingo Klöcker 
On Montag, 14. Februar 2022 10:36:25 CET Daniel Colquitt via Gnupg-users 
wrote:
> I've read various tutorials and posts regarding changing the algorithm used 
to encrypt my private PGP keys. However, nothing I have tried seems to work. I 
am using gpg4win:
[...]
> My gpg.conf file located at
> C:\Users\[REDACTED]\AppData\Roaming\gnupg\gpg.conf is
> > personal-digest-preferences SHA512
> > cert-digest-algo SHA512
> > default-preference-list SHA512 SHA384 SHA256 SHA224 SHA1 AES256 AES192 AES
> > ZLIB BZIP2 ZIP Uncompressed OCB EAX ks-modify personal-cipher-preferences
> > AES256 AES192 AES
> > s2k-mode 3
> > s2k-cipher-algo AES256
> > s2k-digest-algo SHA512
> > s2k-count 65011712
> > cipher-algo AES256

As far as I can tell `man gpg` does not claim that any of these settings 
influence the encryption of secret keys.

> > :secret key packet:
> > ...
> > iter+salt S2K, algo: 7, SHA1 protection, hash: 2,
> > ...
> 
> This would seem to suggest that the key is still encrypted using AES128
> (algo 7) and a SHA1 hash.

Not sure about the encryption algo, but the usage of SHA-1 seems to be 
mandatory (unless one wants to use a completely insecure two-octet checksum):
https://datatracker.ietf.org/doc/html/rfc4880#section-5.5.3

Regards,
Ingo


signature.asc
Description: This is a digitally signed message part.
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users

RE: Changing the encryption algorithm used for PGP/GPG private key

2022-02-18 Thread Daniel Colquitt via Gnupg-users 
Just to follow up that this isn't a gpgwin problem. I have a Debian 
installation and generated a test key using GnuPG and the same gpg.conf file. 
Here is the output

> gpg --list-packets test.key
> # off=0 ctb=95 tag=5 hlen=3 plen=1862
> :secret key packet:
>version 4, algo 1, created 1645171018, expires 0
>pkey[0]: [4096 bits]
>pkey[1]: [17 bits]
>iter+salt S2K, algo: 7, SHA1 protection, hash: 2, salt: 
> 618B50CF0281AD75
>protect count: 23068672 (230)
>protect IV:  74 02 5e e0 92 12 8a 5e 53 aa 17 4a 40 e0 7e 8d
>skey[2]: [v4 protected]
>keyid: 45A023416F46CE6E

I have verified that gpg reads the gpg.conf file and understands it.

Any help would be very much appreciated.

Yours,
Dan



___
Gnupg-users mailing list
Gnupg-users@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-users