Navigation überspringen

GnuPG Preferences

Overview

Many GnuPG users do not set the preferences for cipher, hash and compression algorithms – at least that is my impression. Therefore quite a few users have unwanted or unexpected preferences and do not always know how to change them.

Pointing these users to the documentation may be helpful but there’s no step by step instruction of how to change preferences. However, this is what this document does.

Note: The following works with GnuPG 1.0.7 or later, BZIP2 compression method works with GnuPG 1.2.4 or later (see Change preferences).

Examination of supported algorithms

To check the supported algorithms of your GnuPG installation just enter the command gpg –version:

Screenshot [Terminal Window]: Output of "gpg --version"

Lines beginning with Cipher:, Hash: and Compress: are of interest.

top

Examination of the current preferences

To enter the GnuPG interface for editing keys just fire gpg –edit-key Key-ID:

Screenshot [Terminal Window]: Entering GnuPG key editor ("gpg --edit-key"), issuing "pref"

To examine the current preferences you can use the command pref. However, showpref will generate an output that is easier to understand:

Screenshot [Terminal Window]: GnuPG key editor – #"showpref"

top

Change preferences

To change the preferences you will have to use the command setpref. This command expects a list of preferred algorithms as argument. These algorithms have to be encoded as shown in the following table:

Codes for cipher, hash and compression algorithms in GnuPG
cipher algorithms hash algorithms compression algorithms
S1 IDEA H1 MD5 Z1 ZIP
S2 3DES H2 SHA1 Z2 ZLIB
S3 CAST5 H3 RIPEMD160 Z3 BZIP2
S4 BLOWFISH    
S5 invalid    
S6 invalid    
S7 AES    
S8 AES192    
S9 AES256    
S10 TWOFISH    

Note: The BZIP2 compression method is supported since GnuPG 1.2.4.

To set AES as preferred cipher algo followed by TWOFISH, CAST5, BLOWFISH and 3DES the sequence S7 S10 S3 S4 S2 has to be used. You can append the codes for your preferred hash and compression algos, e.g. if you like to have SHA1, RIPEMD160, MD5 as hash algos and ZLIB, ZIP as compression algos your complete sequence should look like this: S7 S10 S3 S4 S2 H2 H3 H1 Z2 Z1. This sequence is used as argument for setpref:

Screenshot [Terminal Window]: GnuPG key editor – "setpref"

The command shown above sets preferences for all three keys in the keyring. To set preferences for a single key you will have to select the key by entering the appropriate number prior to the setpref command.

top

Save the new preferences

To finally update your newly set preferences enter the command updpref:

Screenshot [Terminal Window]: GnuPG key editor – "updpref"

This command requires you to enter your passphrase. Next, you can check your new preferences with pref or showpref and quit the interface with quit (confirm that you want to save the changes).

top

author: Ulf Stegemann (ulf@zeitform.de)

modified: 2013-04-11T10:46:35+0200

s/w: Emacs 24.3.50.1 (Org mode 8.0-pre)

Valid XHTML 1.0 strict! Valid CSS! Org-Mode Gehostet von zeitform Internet Dienste. [FSF Associate Member]